File: 0230-cache-PasswordFile.patch

tigervnc 1.15.0%2Bdfsg-2
Description: Cache the VNC PasswordFile.
 In case the home directory becomes inaccessible, e.g., due to an expired
 Kerberos ticket, the VNC server still needs the content of the VNC password
 file. Otherwise, it is no longer possible to log in using the security types
 VncAuth or X509Vnc.
Author: Joachim Falk <joachim.falk@gmx.de>
Forwarded: no

Index: pkg-tigervnc/common/rfb/SSecurityVncAuth.cxx
===================================================================
--- pkg-tigervnc.orig/common/rfb/SSecurityVncAuth.cxx
+++ pkg-tigervnc/common/rfb/SSecurityVncAuth.cxx
@@ -44,7 +44,7 @@ using namespace rfb;
 
 static LogWriter vlog("SVncAuth");
 
-StringParameter SSecurityVncAuth::vncAuthPasswdFile
+VncAuthPasswdFile SSecurityVncAuth::vncAuthPasswdFile
 ("PasswordFile", "Password file for VNC authentication", "");
 AliasParameter rfbauth("rfbauth", "Alias for PasswordFile",
 		       &SSecurityVncAuth::vncAuthPasswdFile);
@@ -116,9 +116,51 @@ bool SSecurityVncAuth::processMsg()
   throw auth_error("Authentication failed");
 }
 
+VncAuthPasswdFile::VncAuthPasswdFile(const char* name_, const char* desc_, const char* v)
+: StringParameter(name_, desc_, v)
+{
+}
+
+bool VncAuthPasswdFile::setParam(const char* value) {
+  bool status = this->StringParameter::setParam(value);
+  if (status && !getValueStr().empty())
+    readPasswdFile();
+  return status;
+}
+
+bool VncAuthPasswdFile::getPasswd(
+    std::vector<uint8_t> &obfuscated
+  , std::vector<uint8_t> &obfuscatedReadOnly)
+{
+  if (!getValueStr().empty() && (readPasswdFile() || this->obfuscated.size() > 0)) {
+    obfuscated = this->obfuscated;
+    obfuscatedReadOnly = this->obfuscatedReadOnly;
+    return true;
+  } else
+    return false;
+}
+
+bool VncAuthPasswdFile::readPasswdFile() {
+  const char *fname = *this;
+
+  FILE* fp = fopen(fname, "r");
+  if (!fp) {
+    vlog.error("Opening password file '%s' failed", fname);
+    return false;
+  }
+
+  vlog.debug("Reading password file");
+  obfuscated.resize(8);
+  obfuscated.resize(fread(obfuscated.data(), 1, 8, fp));
+  obfuscatedReadOnly.resize(8);
+  obfuscatedReadOnly.resize(fread(obfuscatedReadOnly.data(), 1, 8, fp));
+  fclose(fp);
+  return true;
+}
+
 VncAuthPasswdParameter::VncAuthPasswdParameter(const char* name_,
                                                const char* desc,
-                                               StringParameter* passwdFile_)
+                                               VncAuthPasswdFile* passwdFile_)
 : BinaryParameter(name_, desc, nullptr, 0),
   passwdFile(passwdFile_)
 {
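Review bot: In `getPasswd()` any failure of `readPasswdFile()` falls back to the cached bytes, and `readPasswdFile()` fails on every `fopen` error, so deleting or moving the password file would not revoke a password that was cached earlier; the old credential would keep being accepted until the server restarts. The description only asks for tolerance of an inaccessible home directory, so a missing file could drop the cache in the `if (!fp)` branch, with errno checked before the `vlog.error` call: `if (errno == ENOENT) { obfuscated.clear(); obfuscatedReadOnly.clear(); }` (needs `<cerrno>` if it is not already included). Separately, a file that opens but yields fewer than 8 bytes shrinks the cached vectors in place and still returns true, so `getPasswd()` reports success with short or empty data; how the caller treats that is outside this hunk. A `vlog.info` line whenever the cached copy is served would also make the fallback visible in the logs.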
@@ -130,24 +172,10 @@ void VncAuthPasswdParameter::getVncAuthP
 
   if (obfuscated.size() == 0) {
     if (passwdFile) {
-      const char *fname = *passwdFile;
-      if (!fname[0]) {
+      if (!passwdFile->getPasswd(obfuscated, obfuscatedReadOnly)) {
         vlog.info("Neither %s nor %s params set", getName(), passwdFile->getName());
         return;
       }
-
-      FILE* fp = fopen(fname, "r");
-      if (!fp) {
-        vlog.error("Opening password file '%s' failed", fname);
-        return;
-      }
-
-      vlog.debug("Reading password file");
-      obfuscated.resize(8);
-      obfuscated.resize(fread(obfuscated.data(), 1, 8, fp));
-      obfuscatedReadOnly.resize(8);
-      obfuscatedReadOnly.resize(fread(obfuscatedReadOnly.data(), 1, 8, fp));
-      fclose(fp);
     } else {
       vlog.info("%s parameter not set", getName());
     }
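Review bot: The `vlog.info("Neither %s nor %s params set", ...)` branch is now reached whenever `getPasswd()` returns false, which as written in this patch also covers a configured password file that could not be opened with nothing cached, so the log would claim the parameter is unset right after the error about the file. A neutral message such as `vlog.info("No password available from %s or %s", getName(), passwdFile->getName());` keeps the log accurate for whoever is diagnosing failed logins. The enclosing `getVncAuthPasswd()` starts and ends outside the hunk.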
Index: pkg-tigervnc/common/rfb/SSecurityVncAuth.h
===================================================================
--- pkg-tigervnc.orig/common/rfb/SSecurityVncAuth.h
+++ pkg-tigervnc/common/rfb/SSecurityVncAuth.h
@@ -32,6 +32,20 @@
 
 namespace rfb {
 
+  class VncAuthPasswdFile : public StringParameter {
+  public:
+    VncAuthPasswdFile(const char* name_, const char* desc_, const char* v);
+
+    bool setParam(const char* value) override;
+
+    bool getPasswd(std::vector<uint8_t> &obfuscated, std::vector<uint8_t> &obfuscatedReadOnly);
+
+  private:
+    std::vector<uint8_t> obfuscated, obfuscatedReadOnly;
+
+    bool readPasswdFile();
+  };
+
   class VncAuthPasswdGetter {
   public:
     // getVncAuthPasswd() fills buffer of given password and readOnlyPassword.
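Review bot: `VncAuthPasswdFile` is declared without any comment on its caching contract, which is the security-relevant part of the class. Something like `// Keeps the last password file contents read, so VncAuth still works when the file becomes unreadable; the obfuscated bytes stay in memory and are not cleared by this class.` above the class, and `// Returns false when no file is configured, or when it cannot be read and nothing is cached.` above `getPasswd()`, would tell maintainers that a stale credential can outlive the file. The hunk ends inside the following `VncAuthPasswdGetter` declaration.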
@@ -43,10 +57,10 @@ namespace rfb {
 
   class VncAuthPasswdParameter : public VncAuthPasswdGetter, BinaryParameter {
   public:
-    VncAuthPasswdParameter(const char* name, const char* desc, StringParameter* passwdFile_);
+    VncAuthPasswdParameter(const char* name, const char* desc, VncAuthPasswdFile* passwdFile_);
     void getVncAuthPasswd(std::string *password, std::string *readOnlyPassword) override;
   protected:
-    StringParameter* passwdFile;
+    VncAuthPasswdFile* passwdFile;
   };
 
   class SSecurityVncAuth : public SSecurity {
@@ -56,7 +70,7 @@ namespace rfb {
     int getType() const override {return secTypeVncAuth;}
     const char* getUserName() const override {return nullptr;}
     AccessRights getAccessRights() const override { return accessRights; }
-    static StringParameter vncAuthPasswdFile;
+    static VncAuthPasswdFile vncAuthPasswdFile;
     static VncAuthPasswdParameter vncAuthPasswd;
   private:
     bool verifyResponse(const char* password);