Prevent read-only clients from changing kasm settings

common/rfb/ConnParams.cxx

@@ -26,6 +26,7 @@
 #include <rfb/ledStates.h>
 #include <rfb/ConnParams.h>
 #include <rfb/ServerCore.h>
+#include <rfb/SMsgHandler.h>
 #include <rfb/util.h>
 
 using namespace rfb;
@@ -43,7 +44,7 @@ ConnParams::ConnParams()
     supportsContinuousUpdates(false),
     compressLevel(2), qualityLevel(-1), fineQualityLevel(-1),
     subsampling(subsampleUndefined), name_(0), verStrPos(0),
-    ledState_(ledUnknown)
+    ledState_(ledUnknown), shandler(NULL)
 {
   memset(kasmPassed, 0, KASM_NUM_SETTINGS);
   setName("");
@@ -124,6 +125,8 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
   encodings_.clear();
   encodings_.insert(encodingRaw);
 
+  bool canChangeSettings = !shandler || shandler->canChangeKasmSettings();
+
   for (int i = nEncodings-1; i >= 0; i--) {
     switch (encodings[i]) {
     case encodingCopyRect:
@@ -184,11 +187,11 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
       subsampling = subsample16X;
       break;
     case pseudoEncodingPreferBandwidth:
-      if (!rfb::Server::ignoreClientSettingsKasm)
+      if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings)
         Server::preferBandwidth.setParam();
       break;
     case pseudoEncodingMaxVideoResolution:
-      if (!rfb::Server::ignoreClientSettingsKasm)
+      if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings)
         kasmPassed[KASM_MAX_VIDEO_RESOLUTION] = true;
       break;
     }
@@ -205,7 +208,7 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
         encodings[i] <= pseudoEncodingFineQualityLevel100)
       fineQualityLevel = encodings[i] - pseudoEncodingFineQualityLevel0;
 
-    if (!rfb::Server::ignoreClientSettingsKasm) {
+    if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings) {
       if (encodings[i] >= pseudoEncodingJpegVideoQualityLevel0 &&
           encodings[i] <= pseudoEncodingJpegVideoQualityLevel9)
           Server::jpegVideoQuality.setParam(encodings[i] - pseudoEncodingJpegVideoQualityLevel0);

common/rfb/ConnParams.h

@@ -42,6 +42,8 @@ namespace rfb {
   const int subsample8X = 4;
   const int subsample16X = 5;
 
+  class SMsgHandler;
+
   class ConnParams {
   public:
     ConnParams();
@@ -74,6 +76,8 @@ namespace rfb {
     const PixelFormat& pf() const { return pf_; }
     void setPF(const PixelFormat& pf);
 
+    void setSHandler(SMsgHandler *s) { shandler = s; }
+
     const char* name() const { return name_; }
     void setName(const char* name);
 
@@ -136,6 +140,7 @@ namespace rfb {
     char verStr[13];
     int verStrPos;
     unsigned int ledState_;
+    SMsgHandler *shandler;
   };
 }
 #endif

common/rfb/SMsgHandler.cxx

@@ -24,6 +24,7 @@ using namespace rfb;
 
 SMsgHandler::SMsgHandler()
 {
+  cp.setSHandler(this);
 }
 
 SMsgHandler::~SMsgHandler()

common/rfb/SMsgHandler.h

@@ -56,6 +56,8 @@ namespace rfb {
 
     virtual void sendStats() = 0;
 
+    virtual bool canChangeKasmSettings() const = 0;
+
     // InputHandler interface
     // The InputHandler methods will be called for the corresponding messages.
 

common/rfb/SMsgReader.cxx

@@ -151,7 +151,7 @@ void SMsgReader::readSetMaxVideoResolution()
   width = is->readU16();
   height = is->readU16();
 
-  if (!rfb::Server::ignoreClientSettingsKasm) {
+  if (!rfb::Server::ignoreClientSettingsKasm && handler->canChangeKasmSettings()) {
     sprintf(tmp, "%ux%u", width, height);
     rfb::Server::maxVideoResolution.setParam(tmp);
   }

common/rfb/VNCSConnectionST.h

@@ -183,6 +183,10 @@ namespace rfb {
     virtual void supportsLEDState();
 
     virtual void sendStats();
+    virtual bool canChangeKasmSettings() const {
+        return (accessRights & (AccessPtrEvents | AccessKeyEvents)) ==
+               (AccessPtrEvents | AccessKeyEvents);
+    }
 
     // setAccessRights() allows a security package to limit the access rights
     // of a VNCSConnectioST to the server.  These access rights are applied