I am evaluating this.  Please, in the future, send patches as
attachments, as copying/pasting them usually introduces unwanted
linefeeds that make the patch fail.

DRC


On 3/8/11 6:48 AM, Sebastiaan Breedveld wrote:
> On 03/03/2011 01:18 PM, Adam Tkac wrote:
>> On Thu, Mar 03, 2011 at 01:11:22PM +0100, Sebastiaan Breedveld wrote:
>>>>> 2) When using the VeNCrypt security type, the ~/.vnc/passwd is not
>>>>> necessary, yet the user is asked to create one. Same when using the
>>>>> securitytype none. The script now checks for the -SecurityType option
>>>>> and checks whether VeNCrypt type or none is specified. (That is, I am
>>>>> under the assumption that the VeNCrypt type does not use the vnc password.)
>>>> You are right, vncserver script shouldn't create passwd file unless
>>>> it is needed.
>>>>
>>>> passwd file is needed only when at least one of those types is
>>>> specified (case insensitive):
>>>>
>>>> VncAuth or TLSVnc or X509Vnc
>>>>
>>>> By default server allows VncAuth and TLSVnc.
>>>>
>>>> Correct approach is:
>>>> 1. if -SecurityTypes parameter is not specified, create .vnc/passwd
>>>> 2. if -SecurityTypes contains at least one of three types specified
>>>>      above, create .vnc/passwd
>>>> 3. otherwise don't create .vnc/passwd
>>>>
>>>> Note in 1. and 2. cases you need to pass -rfbauth parameter, otherwise
>>>> Xvnc won't find password file.
>>>>
>>>> With these checks vncserver will create .vnc/passwd only when needed.
>>>>
>>>>
>>> Ok, I was about to get this as well ;) In addition to the above:
>>> 4. do not create .vnc/passwd if -Password, -PasswordFile or -rfbauth is
>>> already given.
>> Right you are, I forgot this case ;)
>>
>>> Thinking about -Password: is there any sane environment where this is
>>> still used?
>> If I remember correctly someone uses this option for one-time
>> passwords in his TigerVNC server deployment.
>>
>> Regards, Adam
>>
> Ok, here is, at last, the patch for the vncserver script, which checks 
> the above. Maybe not the strongest piece of Perl, but it works ;)
> 
> 
> --- vncserverorg    2011-03-07 21:35:04.588985408 +0100
> +++ vncserver    2011-03-08 13:46:03.000000000 +0100
> @@ -160,17 +160,57 @@
>       }
>   }
> 
> -# Make sure the user has a password.
> +# Make sure the user has a password, if one needed
> 
> -($z,$z,$mode) = stat("$vncUserDir/passwd");
> -if (!(-e "$vncUserDir/passwd") || ($mode & 077)) {
> -    warn "\nYou will require a password to access your desktops.\n\n";
> -    system($exedir."vncpasswd -q $vncUserDir/passwd");
> -    if (($? >> 8) != 0) {
> -    exit 1;
> +# Check the arguments to check if VncAuth or TLSVnc or X509Vnc
> +# is used as SecurityType, if SecurityType is specified at all.
> +# If a password option is given at the command line, trust this (i.e. 
> do not check for existence).
> +$has_securitytype = 0;
> +$has_vnclikeauth = 0;
> +$has_pwdcmdline = 0;
> +
> +for ($i=0; $i<@ARGV; ++$i) {
> +    # Options can be given by space (-SecurityTypes VNCAuth) or by = 
> (-SecurityTypes=VNCAuth)
> +    my @splitargs = split('=', $ARGV[$i]);
> +    push(@splitargs, $ARGV[$i+1]);
> +
> +    # Check for security types
> +    if (lc(@splitargs[0]) eq "-securitytypes")
> +    {
> +    $has_securitytype = 1;
> +
> +        foreach $arg2 (split(',', @splitargs[1]))
> +    {
> +            if ((lc($arg2) eq "vncauth") || (lc($arg2) eq "tlsvnc") || 
> (lc($arg2) eq "x509vnc"))
> +            {
> +                    # Need password
> +                $has_vnclikeauth = 1;
> +        }
> +        }
> +    }
> +
> +    # Check for Password, PasswordFile or rfbauth options
> +    if ((lc(@splitargs[0]) eq "-password") || (lc(@splitargs[0]) eq 
> "-passwordfile" || (lc(@splitargs[0]) eq "-rfbauth")))
> +    {
> +        $has_pwdcmdline = 1;
>       }
>   }
> 
> +# Now do some logic, and set VNC Password if it does not already exists
> +if ((!$has_securitytype || ($has_securitytype && $has_vnclikeauth)) && 
> !$has_pwdcmdline)
> +{
> +    $needvncpass = 1;
> +    ($z,$z,$mode) = stat("$vncUserDir/passwd");
> +    if (!(-e "$vncUserDir/passwd") || ($mode & 077)) {
> +        warn "\nYou will require a password to access your desktops.\n\n";
> +        system($exedir."vncpasswd -q $vncUserDir/passwd");
> +        if (($? >> 8) != 0) {
> +        exit 1;
> +        }
> +    }
> +}
> +
> +
>   # Find display number.
> 
>   if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
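
Review bot: in the -password / -passwordfile / -rfbauth branch, setting $has_pwdcmdline = 1 skips the whole block that follows, which drops not only the existence test but also the ($mode & 077) permission test, so a file named with -PasswordFile or -rfbauth is never checked for group or other access. Consider keeping the value from $splitargs[1] for those two options and running the same stat check on that path, warning or exiting when the mode is too open, rather than trusting it outright. In the same loop, @splitargs[0] and @splitargs[1] are one-element slices and should be $splitargs[0] and $splitargs[1]; push(@splitargs, $ARGV[$i+1]) reads past the end of @ARGV on the last argument, so split(',', ...) receives undef when -SecurityTypes is the final argument with no value; and (!$has_securitytype || ($has_securitytype && $has_vnclikeauth)) reduces to (!$has_securitytype || $has_vnclikeauth). $needvncpass is set here but not used anywhere in this hunk; per the discussion above it should decide whether -rfbauth is passed to Xvnc, so please confirm that part is covered.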
> 
> 
> 
> _______________________________________________
> Tigervnc-devel mailing list
> Tigervnc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
