[Development] Allow to modify only "desktop", "SendCutText" and "AcceptCutText"
Xvnc's parameters via vncconfig.

Also Xvnc got new option called "-noclipboard" which disables "*CutText"
runtime modification.


git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4226 3789f03b-4d11-0410-bbf8-ca57d06f2519
diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
index a014831..d3cfbe2 100644
--- a/unix/xserver/hw/vnc/vncExtInit.cc
+++ b/unix/xserver/hw/vnc/vncExtInit.cc
@@ -86,6 +86,7 @@
 
 static char* clientCutText = 0;
 static int clientCutTextLen = 0;
+bool noclipboard = false;
 
 static XserverDesktop* queryConnectDesktop = 0;
 static void* queryConnectId = 0;
@@ -461,6 +462,10 @@
 
 static int ProcVncExtSetParam(ClientPtr client)
 {
+  char* value1 = 0;
+  char* value2 = 0;
+  rfb::VoidParameter *desktop1, *desktop2;
+
   REQUEST(xVncExtSetParamReq);
   REQUEST_FIXED_SIZE(xVncExtSetParamReq, stuff->paramLen);
   CharArray param(stuff->paramLen+1);
@@ -471,19 +476,28 @@
   int n;
   rep.type = X_Reply;
   rep.length = 0;
+  rep.success = 0;
   rep.sequenceNumber = client->sequence;
 
   // Retrieve desktop name before setting
-  char* value1 = 0;
-  rfb::VoidParameter* desktop1 = rfb::Configuration::getParam("desktop");
+  desktop1 = rfb::Configuration::getParam("desktop");
   if (desktop1)
     value1 = desktop1->getValueStr();
 
+  /*
+   * Allow to change only clipboard parameters and desktop name.
+   * Changing other parameters (for example PAM service name)
+   * could have negative security impact.
+   */
+  if (strcasecmp(param.buf, "desktop") != 0 &&
+      (noclipboard || strcasecmp(param.buf, "SendCutText") != 0) &&
+      (noclipboard || strcasecmp(param.buf, "AcceptCutText") != 0))
+    goto deny;
+
   rep.success = rfb::Configuration::setParam(param.buf);
 
   // Send DesktopName update if desktop name has been changed
-  char* value2 = 0;
-  rfb::VoidParameter* desktop2 = rfb::Configuration::getParam("desktop");
+  desktop2 = rfb::Configuration::getParam("desktop");
   if (desktop2)
     value2 = desktop2->getValueStr();
   if (value1 && value2 && strcmp(value1, value2)) {
@@ -498,6 +512,7 @@
   if (value2)
     delete [] value2;
 
+deny:
   if (client->swapped) {
     swaps(&rep.sequenceNumber, n);
     swapl(&rep.length, n);
diff --git a/unix/xserver/hw/vnc/vncExtInit.h b/unix/xserver/hw/vnc/vncExtInit.h
index af9b2ea..931c28f 100644
--- a/unix/xserver/hw/vnc/vncExtInit.h
+++ b/unix/xserver/hw/vnc/vncExtInit.h
@@ -31,6 +31,7 @@
 extern void vncBell();
 extern void* vncFbptr[];
 extern int vncFbstride[];
+extern bool noclipboard;
 extern int vncInetdSock;
 extern rfb::StringParameter httpDir;
 
diff --git a/unix/xserver/hw/vnc/xvnc.cc b/unix/xserver/hw/vnc/xvnc.cc
index 56912f9..5d5b1ca 100644
--- a/unix/xserver/hw/vnc/xvnc.cc
+++ b/unix/xserver/hw/vnc/xvnc.cc
@@ -291,6 +291,7 @@
     ErrorF("-pixelformat fmt       set pixel format (rgbNNN or bgrNNN)\n");
     ErrorF("-inetd                 has been launched from inetd\n");
     ErrorF("-interface IP_address  listen on specified interface\n");
+    ErrorF("-noclipboard           disable clipboard settings modification via vncconfig utility\n");
     ErrorF("\nVNC parameters:\n");
 
     fprintf(stderr,"\n"
@@ -569,6 +570,11 @@
 
 	return 2;
     }
+
+    if (strcmp(argv[i], "-noclipboard") == 0) {
+	noclipboard = true;
+	return 1;
+    }
     
     if (rfb::Configuration::setParam(argv[i]))
 	return 1;