New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vncpassfile #497
Vncpassfile #497
Conversation
Let me manually merge this if it all looks good. |
@@ -416,6 +416,21 @@ scp_session_set_addr(struct SCP_SESSION *s, int type, const void *addr) | |||
} | |||
|
|||
/*******************************************************************/ | |||
int | |||
scp_session_set_guid(struct SCP_SESSION *s, const tui8 *guid) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If tui8 a useful type? uint8_t is a standard type that is also unsigned 8-bit integer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently we are not using the _t types, only the t types in arch.h
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, we can change it after the release.
int | ||
scp_session_set_guid(struct SCP_SESSION *s, const tui8 *guid) | ||
{ | ||
if (0 == guid) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use NULL for pointers, it's more readable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know what you mean here, the NULL means it's a pointer. Currently, zeros are used all over the project. I've never liked that NULL is defined differently sometimes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NULL is a special value for every variable that can be compared to it (i.e. every pointer). But 0 is not always a special value for a variable that can be compared to it. A variable can be 0 and be used, say, as an index. When I see comparison to 0, I need to examine it more closely. It can be a pointer check, or it can be something completely different.
@@ -61,7 +61,7 @@ scp_v0s_accept(struct SCP_CONNECTION* c, struct SCP_SESSION** s, int skipVchk); | |||
* | |||
*/ | |||
enum SCP_SERVER_STATES_E | |||
scp_v0s_allow_connection(struct SCP_CONNECTION* c, SCP_DISPLAY d); | |||
scp_v0s_allow_connection(struct SCP_CONNECTION* c, SCP_DISPLAY d, tui8 *guid); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it should be a constant pointer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree.
@@ -99,6 +99,11 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) | |||
|
|||
if (1 == access_login_allowed(s->username)) | |||
{ | |||
tui8 guid[16]; | |||
|
|||
g_random((char*)guid, 16); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use correct spacing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
@@ -410,7 +410,8 @@ wait_for_xserver(int display) | |||
static int APP_CC | |||
session_start_fork(int width, int height, int bpp, char *username, | |||
char *password, tbus data, tui8 type, char *domain, | |||
char *program, char *directory, char *client_ip) | |||
char *program, char *directory, char *client_ip, | |||
const tui8 *guid) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would not it be easier to send the session pointer instead of so many fields?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking that too, I'll take a look at it.
} | ||
|
||
/******************************************************************************/ | ||
/* taken from vncauth.c */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Function comments should primarily describe what the function does, not where the code came from.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
/******************************************************************************/ | ||
/* taken from vncauth.c */ | ||
void DEFAULT_CC | ||
rfbHashEncryptBytes(char *bytes, char *passwd) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do both arguments need to be non-constant?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ouch! This function needs a real comment.
@@ -1195,11 +1199,18 @@ xrdp_mm_process_login_response(struct xrdp_mm *self, struct stream *s) | |||
int rv; | |||
char ip[256]; | |||
char port[256]; | |||
tui8 guid[16]; | |||
tui8* pguid; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Formatting - *
sticks to the variable, not to the type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup
@@ -1422,6 +1447,11 @@ lib_mod_set_param(struct vnc *v, const char *name, char *value) | |||
{ | |||
v->delay_ms = g_atoi(value); | |||
} | |||
else if (g_strcasecmp(name, "guid") == 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is a user configuration needed? Should it be documented?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the only API to give the modules general data. We don't give the modules access to the entire xrdp internals.
It was not meant to be only user data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand. Should users configure it? If not, who should configure it? If nobody should configure it, why is it read from the config file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lib_mod_set_param is not only for passing params from config file,
please look @ https://github.com/jsorg71/xrdp/blob/ed862ea361e1a364f153da2bd22c402f529b547e/xrdp/xrdp_mm.c#L568
This is the api for passing params to modules also for internal usages.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I see it now.
@@ -1422,6 +1447,11 @@ lib_mod_set_param(struct vnc *v, const char *name, char *value) | |||
{ | |||
v->delay_ms = g_atoi(value); | |||
} | |||
else if (g_strcasecmp(name, "guid") == 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I see it now.
#523 has been merged. I assume this PR can be closed. |
Additional note for this pull request. Originally reported to by Dag-Erling Smørgrav and Petter Reinholdtsen:
This issue got assigned back then CVE-2013-1430 |
This fixes an old VNC security issue were the VNC password file is based on the user password.
Now it is derived from a random GUID that is generated for each session.
This GUID can be used in the future for session reconnect and other things.