Vncpassfile #497
Vncpassfile #497
Conversation
|
Let me manually merge this if it all looks good. |
| @@ -416,6 +416,21 @@ scp_session_set_addr(struct SCP_SESSION *s, int type, const void *addr) | |||
| } | |||
|
|
|||
| /*******************************************************************/ | |||
| int | |||
| scp_session_set_guid(struct SCP_SESSION *s, const tui8 *guid) | |||
There was a problem hiding this comment.
If tui8 a useful type? uint8_t is a standard type that is also unsigned 8-bit integer.
There was a problem hiding this comment.
Currently we are not using the _t types, only the t types in arch.h
There was a problem hiding this comment.
OK, we can change it after the release.
| int | ||
| scp_session_set_guid(struct SCP_SESSION *s, const tui8 *guid) | ||
| { | ||
| if (0 == guid) |
There was a problem hiding this comment.
Let's use NULL for pointers, it's more readable.
There was a problem hiding this comment.
I know what you mean here, the NULL means it's a pointer. Currently, zeros are used all over the project. I've never liked that NULL is defined differently sometimes.
There was a problem hiding this comment.
NULL is a special value for every variable that can be compared to it (i.e. every pointer). But 0 is not always a special value for a variable that can be compared to it. A variable can be 0 and be used, say, as an index. When I see comparison to 0, I need to examine it more closely. It can be a pointer check, or it can be something completely different.
| @@ -61,7 +61,7 @@ scp_v0s_accept(struct SCP_CONNECTION* c, struct SCP_SESSION** s, int skipVchk); | |||
| * | |||
| */ | |||
| enum SCP_SERVER_STATES_E | |||
| scp_v0s_allow_connection(struct SCP_CONNECTION* c, SCP_DISPLAY d); | |||
| scp_v0s_allow_connection(struct SCP_CONNECTION* c, SCP_DISPLAY d, tui8 *guid); | |||
There was a problem hiding this comment.
I believe it should be a constant pointer.
| @@ -99,6 +99,11 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) | |||
|
|
|||
| if (1 == access_login_allowed(s->username)) | |||
| { | |||
| tui8 guid[16]; | |||
|
|
|||
| g_random((char*)guid, 16); | |||
There was a problem hiding this comment.
Please use correct spacing.
| @@ -410,7 +410,8 @@ wait_for_xserver(int display) | |||
| static int APP_CC | |||
| session_start_fork(int width, int height, int bpp, char *username, | |||
| char *password, tbus data, tui8 type, char *domain, | |||
| char *program, char *directory, char *client_ip) | |||
| char *program, char *directory, char *client_ip, | |||
| const tui8 *guid) | |||
There was a problem hiding this comment.
Would not it be easier to send the session pointer instead of so many fields?
There was a problem hiding this comment.
I was thinking that too, I'll take a look at it.
| } | ||
|
|
||
| /******************************************************************************/ | ||
| /* taken from vncauth.c */ |
There was a problem hiding this comment.
Function comments should primarily describe what the function does, not where the code came from.
| /******************************************************************************/ | ||
| /* taken from vncauth.c */ | ||
| void DEFAULT_CC | ||
| rfbHashEncryptBytes(char *bytes, char *passwd) |
There was a problem hiding this comment.
Do both arguments need to be non-constant?
There was a problem hiding this comment.
Ouch! This function needs a real comment.
| @@ -1195,11 +1199,18 @@ xrdp_mm_process_login_response(struct xrdp_mm *self, struct stream *s) | |||
| int rv; | |||
| char ip[256]; | |||
| char port[256]; | |||
| tui8 guid[16]; | |||
| tui8* pguid; | |||
There was a problem hiding this comment.
Formatting - * sticks to the variable, not to the type.
| @@ -1422,6 +1447,11 @@ lib_mod_set_param(struct vnc *v, const char *name, char *value) | |||
| { | |||
| v->delay_ms = g_atoi(value); | |||
| } | |||
| else if (g_strcasecmp(name, "guid") == 0) | |||
There was a problem hiding this comment.
Why is a user configuration needed? Should it be documented?
There was a problem hiding this comment.
This is the only API to give the modules general data. We don't give the modules access to the entire xrdp internals.
It was not meant to be only user data.
There was a problem hiding this comment.
I don't understand. Should users configure it? If not, who should configure it? If nobody should configure it, why is it read from the config file?
There was a problem hiding this comment.
lib_mod_set_param is not only for passing params from config file,
please look @ https://github.com/jsorg71/xrdp/blob/ed862ea361e1a364f153da2bd22c402f529b547e/xrdp/xrdp_mm.c#L568
This is the api for passing params to modules also for internal usages.
| @@ -1422,6 +1447,11 @@ lib_mod_set_param(struct vnc *v, const char *name, char *value) | |||
| { | |||
| v->delay_ms = g_atoi(value); | |||
| } | |||
| else if (g_strcasecmp(name, "guid") == 0) | |||
|
#523 has been merged. I assume this PR can be closed. |
|
Additional note for this pull request. Originally reported to by Dag-Erling Smørgrav and Petter Reinholdtsen:
This issue got assigned back then CVE-2013-1430 |
This fixes an old VNC security issue were the VNC password file is based on the user password.
Now it is derived from a random GUID that is generated for each session.
This GUID can be used in the future for session reconnect and other things.