@@ -85,10 +85,6 @@ int guac_vnc_user_join_handler(guac_user* user, int argc, char** argv) {
8585 if (!settings -> disable_paste )
8686 user -> clipboard_handler = guac_vnc_clipboard_handler ;
8787
88- /* Updates to connection parameters if we own the connection */
89- if (user -> owner )
90- user -> argv_handler = guac_argv_handler ;
91-
9288#ifdef ENABLE_COMMON_SSH
9389 /* Set generic (non-filesystem) file upload handler */
9490 if (settings -> enable_sftp && !settings -> sftp_disable_upload )
@@ -97,6 +93,26 @@ int guac_vnc_user_join_handler(guac_user* user, int argc, char** argv) {
9793
9894 }
9995
96+ /**
97+ * Update connection parameters if we own the connection.
98+ *
99+ * Note that the argv handler is called *regardless* of whether
100+ * or not the connection is read-only, as this allows authentication
101+ * to be prompted and processed even if the owner cannot send
102+ * input to the remote session. In the future, if other argv handling
103+ * is added to the VNC protocol, checks may need to be done within
104+ * the argv handler to verify that read-only connections remain
105+ * read-only.
106+ *
107+ * Also, this is only handled for the owner - if the argv handler
108+ * is expanded to include non-owner users in the future, special
109+ * care will need to be taken to make sure that the arguments
110+ * processed by the handler do not have unintended security
111+ * implications for non-owner users.
112+ */
113+ if (user -> owner )
114+ user -> argv_handler = guac_argv_handler ;
115+
100116 return 0 ;
101117
102118}
0 commit comments