-
Notifications
You must be signed in to change notification settings - Fork 951
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option allowing to connect only the user owning the running session #1792
base: master
Are you sure you want to change the base?
Conversation
Marking this as a draft as I would like to get some feedback on this first. This feature has been requested by our customer. Their workflow is to configure GDM to accept XDMCP in
And create and start a systemd unit file as
This now allows everyone to connect and log in GDM, however, they want to have an option to only authenticate the same user who logged in through GDM. There are some things I'm not sure about:
|
I'm afraid I don't quite understand the user case. Even more so given the fact that modern systems (of which Red Hat has been a driving force) don't work properly if you are logged in locally and via TigerVNC at the same time. I would more have expected a patch doing the opposite, blocking users that are already logged in elsewhere. Can you explain more why the customer wants this policy, and what they expect to actually happen? |
I probably failed at explanation. The workflow is:
The goal is to have an option that will not allow user |
Ah, this is not an inetd setup. That's usually where XDMCP is used. That complicates things. I don't think the proposed implementation scales. You'd be blocked by any other user login, right? Ideally, we should check the status of this session only. Does the XDMCP-protocol provide any feedback we might use? |
Right, any other running session would be also blocking you.
I don't know, I will look and ask around. That's why I mentioned use of |
The core is not aware of X11 things. And it shouldn't be. So this sounds very much like a frontend thing that should be in Xvnc somewhere. It might be |
I was looking into adding it to |
CMake cannot do much about Xorg's autoconf build. If you need to adjust things there, I'm afraid you'll need to update the patch files that modifes Xorg's |
What about something like this? To enable this, Xvnc has to be built with |
Slightly better. But I'm concerned that this is fundamentally built on making assumptions about what the display manager will do. I would prefer if we kept to things we have control over. Or push those decisions out of TigerVNC. Did you examine what you can get from XDMCP? I'm thinking one model would be that Xvnc keeps track of which user authenticated. Then locks that in as long as XDMCP indicates that a session is active. Once the session ends, Xvnc can forget about the user and go back to accepting everyone. Another approach is to delegate this to something external. Perhaps using the query system. Write a custom program there that can implement the logic of which connections to accept or not. |
Not yet.
Something similar to |
Yes. I'm hoping there is enough information there to act on.
Might be best to make this a separate tool. I'm still unsure if it's too niche to include in the standard TigerVNC. Being a separate tool would definitely make it easier to include. (Related, vncconfig should probably be split in to multiple tools) |
To follow this PR :) |
I've been looking into this and in the XDMCP implementation I can see it regularly checks whether the session is still alive, BUT I don't know how to propagate or connect this with the code I have in
I've been also looking into this and it would be way too much work for something like this. I would prefer spend less time on this. I guess it's fine if you are not going to accept this upstream, still at least some feedback and review will be helpful. Even though it's not the way I prefer, we can at least carry this as a downstream patch. |
03361ee
to
0a06ea6
Compare
Checks, whether the user who is trying to authenticate is already logged into the running session in order to allow or reject the connection. This is expected to be used with 'plain' security type in combination with 'PlainUsers=*' option allowing everyone to connect to the session.
0a06ea6
to
7c48615
Compare
Checks, whether the user who is trying to authenticate is already logged into the running session in order to allow or reject the connection. This is expected to be used with 'plain' security type in combination with 'PlainUsers=*' option allowing everyone to connect to the session.