After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 156242 - option to bind to localhost only?
option to bind to localhost only?
Status: RESOLVED FIXED
Product: vino
Classification: Applications
Component: Server
unspecified
Other Linux
: Low enhancement
: ---
Assigned To: Vino Maintainer(s)
Vino Maintainer(s)
: 335229 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2004-10-23 19:27 UTC by Hein Roehrig
Modified: 2006-10-23 10:43 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
localhost patch for vino (20.96 KB, patch)
2006-09-10 16:58 UTC, Shaya Potter
committed Details | Review

Description Hein Roehrig 2004-10-23 19:27:36 UTC
It would be nice to have vino only bind the server port to localhost, for
situations where tunneling over SSH is desired.

If there is interest, I could come up with a patch to achieve this.

Thanks,
Hein
Comment 1 August Mayer 2005-08-01 10:49:02 UTC
I'd like this option too. Implementing this is simple; the result is moderately
hard to setup, but it's secure and removes the additional point of attack of the
open VNC point.
Comment 2 Steven Yuchao Zhang 2006-07-04 14:11:49 UTC
I like this option, if so, then we can run force vino server only accept ssh connection.

Hein, if you have a patch, do you mind to send it to me, if you don't have a patch, I can work with you on this.
Comment 3 Hein Roehrig 2006-07-04 21:51:10 UTC
Sorry I don't have a patch and currently I also don't have the time to look into this issue, but thanks for following up!
Comment 4 Shaya Potter 2006-09-10 16:58:48 UTC
Created attachment 72507 [details] [review]
localhost patch for vino

here's a patch I cooked up quickly to add localhost support. a bit ugly as libvncserver is really separate from the vino source
Comment 5 Mark McLoughlin 2006-10-13 08:51:39 UTC
Thanks Shaya

2006-10-12  Mark McLoughlin  <mark@skynet.ie>

        Add a "local_only" GConf key, for people who want to exclusively
        use SSH tunnels to access the server.

        Based on patch from Shaya Potter <spotter@cs.columbia.edu>
        in bug #156242

        * server/libvncserver/sockets.c:
        (rfbInitSockets): pass rfbScreen->localOnly to ListenOnTcpPort()
        (rfbSetLocalOnly): re-bind the socket if localOnly changes.
        (ListenOnTcpPort): add localOnly argument and bind with
        INADDR_LOOPBACK if true.

        * server/libvncserver/rfb/rfb.h: modify ListenOnTcpPort()
        prototype and add rfbSetLocalOnly()

        * server/libvncserver/main.c: (rfbGetScreen): init localOnly.

        * server/libvncserver/CHANGES: add note.

        * server/vino-server.schemas.in: add local_only GConf key

        * server/vino-prefs.c:
        (vino_prefs_local_only_changed),
        (vino_prefs_create_server),
        (vino_prefs_init): add handling for local_only key

        * server/vino-prefs.c:
        (vino_prefs_local_only_changed),
        (vino_prefs_create_server),
        (vino_prefs_init): add handling for local_only key

        * server/vino-server.[ch]:
        (vino_server_init_from_screen): propogate local_only to rfbScreen.
        (vino_server_set_property), (vino_server_get_property),
        (vino_server_class_init): add "local-only" property
        (vino_server_get_local_only),
        (vino_server_set_local_only): add accessors. Call rfbSetLocalOnly()
        if it changes.

Comment 6 Mark McLoughlin 2006-10-13 09:00:53 UTC
I've logged bug #361891 to discussion how we want to change the preferences dialog
Comment 7 Mark McLoughlin 2006-10-23 10:43:22 UTC
*** Bug 335229 has been marked as a duplicate of this bug. ***