Prevent read-only clients from changing kasm settings

This commit is contained in:
Lauri Kasanen 2020-10-14 15:44:48 +03:00
parent a27744bca6
commit 1f69d1584a
6 changed files with 20 additions and 5 deletions

View File

@ -26,6 +26,7 @@
#include <rfb/ledStates.h> #include <rfb/ledStates.h>
#include <rfb/ConnParams.h> #include <rfb/ConnParams.h>
#include <rfb/ServerCore.h> #include <rfb/ServerCore.h>
#include <rfb/SMsgHandler.h>
#include <rfb/util.h> #include <rfb/util.h>
using namespace rfb; using namespace rfb;
@ -43,7 +44,7 @@ ConnParams::ConnParams()
supportsContinuousUpdates(false), supportsContinuousUpdates(false),
compressLevel(2), qualityLevel(-1), fineQualityLevel(-1), compressLevel(2), qualityLevel(-1), fineQualityLevel(-1),
subsampling(subsampleUndefined), name_(0), verStrPos(0), subsampling(subsampleUndefined), name_(0), verStrPos(0),
ledState_(ledUnknown) ledState_(ledUnknown), shandler(NULL)
{ {
memset(kasmPassed, 0, KASM_NUM_SETTINGS); memset(kasmPassed, 0, KASM_NUM_SETTINGS);
setName(""); setName("");
@ -124,6 +125,8 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
encodings_.clear(); encodings_.clear();
encodings_.insert(encodingRaw); encodings_.insert(encodingRaw);
bool canChangeSettings = !shandler || shandler->canChangeKasmSettings();
for (int i = nEncodings-1; i >= 0; i--) { for (int i = nEncodings-1; i >= 0; i--) {
switch (encodings[i]) { switch (encodings[i]) {
case encodingCopyRect: case encodingCopyRect:
@ -184,11 +187,11 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
subsampling = subsample16X; subsampling = subsample16X;
break; break;
case pseudoEncodingPreferBandwidth: case pseudoEncodingPreferBandwidth:
if (!rfb::Server::ignoreClientSettingsKasm) if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings)
Server::preferBandwidth.setParam(); Server::preferBandwidth.setParam();
break; break;
case pseudoEncodingMaxVideoResolution: case pseudoEncodingMaxVideoResolution:
if (!rfb::Server::ignoreClientSettingsKasm) if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings)
kasmPassed[KASM_MAX_VIDEO_RESOLUTION] = true; kasmPassed[KASM_MAX_VIDEO_RESOLUTION] = true;
break; break;
} }
@ -205,7 +208,7 @@ void ConnParams::setEncodings(int nEncodings, const rdr::S32* encodings)
encodings[i] <= pseudoEncodingFineQualityLevel100) encodings[i] <= pseudoEncodingFineQualityLevel100)
fineQualityLevel = encodings[i] - pseudoEncodingFineQualityLevel0; fineQualityLevel = encodings[i] - pseudoEncodingFineQualityLevel0;
if (!rfb::Server::ignoreClientSettingsKasm) { if (!rfb::Server::ignoreClientSettingsKasm && canChangeSettings) {
if (encodings[i] >= pseudoEncodingJpegVideoQualityLevel0 && if (encodings[i] >= pseudoEncodingJpegVideoQualityLevel0 &&
encodings[i] <= pseudoEncodingJpegVideoQualityLevel9) encodings[i] <= pseudoEncodingJpegVideoQualityLevel9)
Server::jpegVideoQuality.setParam(encodings[i] - pseudoEncodingJpegVideoQualityLevel0); Server::jpegVideoQuality.setParam(encodings[i] - pseudoEncodingJpegVideoQualityLevel0);

View File

@ -42,6 +42,8 @@ namespace rfb {
const int subsample8X = 4; const int subsample8X = 4;
const int subsample16X = 5; const int subsample16X = 5;
class SMsgHandler;
class ConnParams { class ConnParams {
public: public:
ConnParams(); ConnParams();
@ -74,6 +76,8 @@ namespace rfb {
const PixelFormat& pf() const { return pf_; } const PixelFormat& pf() const { return pf_; }
void setPF(const PixelFormat& pf); void setPF(const PixelFormat& pf);
void setSHandler(SMsgHandler *s) { shandler = s; }
const char* name() const { return name_; } const char* name() const { return name_; }
void setName(const char* name); void setName(const char* name);
@ -136,6 +140,7 @@ namespace rfb {
char verStr[13]; char verStr[13];
int verStrPos; int verStrPos;
unsigned int ledState_; unsigned int ledState_;
SMsgHandler *shandler;
}; };
} }
#endif #endif

View File

@ -24,6 +24,7 @@ using namespace rfb;
SMsgHandler::SMsgHandler() SMsgHandler::SMsgHandler()
{ {
cp.setSHandler(this);
} }
SMsgHandler::~SMsgHandler() SMsgHandler::~SMsgHandler()

View File

@ -56,6 +56,8 @@ namespace rfb {
virtual void sendStats() = 0; virtual void sendStats() = 0;
virtual bool canChangeKasmSettings() const = 0;
// InputHandler interface // InputHandler interface
// The InputHandler methods will be called for the corresponding messages. // The InputHandler methods will be called for the corresponding messages.

View File

@ -151,7 +151,7 @@ void SMsgReader::readSetMaxVideoResolution()
width = is->readU16(); width = is->readU16();
height = is->readU16(); height = is->readU16();
if (!rfb::Server::ignoreClientSettingsKasm) { if (!rfb::Server::ignoreClientSettingsKasm && handler->canChangeKasmSettings()) {
sprintf(tmp, "%ux%u", width, height); sprintf(tmp, "%ux%u", width, height);
rfb::Server::maxVideoResolution.setParam(tmp); rfb::Server::maxVideoResolution.setParam(tmp);
} }

View File

@ -183,6 +183,10 @@ namespace rfb {
virtual void supportsLEDState(); virtual void supportsLEDState();
virtual void sendStats(); virtual void sendStats();
virtual bool canChangeKasmSettings() const {
return (accessRights & (AccessPtrEvents | AccessKeyEvents)) ==
(AccessPtrEvents | AccessKeyEvents);
}
// setAccessRights() allows a security package to limit the access rights // setAccessRights() allows a security package to limit the access rights
// of a VNCSConnectioST to the server. These access rights are applied // of a VNCSConnectioST to the server. These access rights are applied