#! /bin/sh /usr/share/dpatch/dpatch-run
## mprivacy-enforceparams.dpatch
##
## DP: With -enforceParams specified, the client cannot change server parameters. Special case for cut&paste, if they're defaulting to 1 at startup, then client can change them anyway.

@DPATCH@

diff -urN tiger.ori/unix/xserver/hw/vnc/vncExtInit.cc tiger/unix/xserver/hw/vnc/vncExtInit.cc
--- tiger.ori/unix/xserver/hw/vnc/vncExtInit.cc	2009-11-19 17:04:03.000000000 +0100
+++ tiger/unix/xserver/hw/vnc/vncExtInit.cc	2009-11-19 16:50:57.000000000 +0100
@@ -106,6 +106,9 @@
 static int vncErrorBase = 0;
 static int vncEventBase = 0;
 int vncInetdSock = -1;
+bool enforceParams = false;
+bool allowSendCutText = true;
+bool allowAcceptCutText = true;
 
 rfb::AliasParameter rfbauth("rfbauth", "Alias for PasswordFile",
                             &SSecurityFactoryStandard::vncAuthPasswdFile);
@@ -465,6 +468,18 @@
   strncpy(param.buf, (char*)&stuff[1], stuff->paramLen);
   param.buf[stuff->paramLen] = 0;
 
+  // Lot of special cases here...
+  if (enforceParams) {
+	  if (strncmp(param.buf, "SendCutText", 11) == 0) {
+		  if (!allowSendCutText)
+			  return 0;
+	  } else if (strncmp(param.buf, "AcceptCutText", 13) == 0) {
+		  if (!allowAcceptCutText)
+			  return 0;
+	  } else
+		  return 0;
+  }
+
   xVncExtSetParamReply rep;
   int n;
   rep.type = X_Reply;
diff -urN tiger.ori/unix/xserver/hw/vnc/vncExtInit.h tiger/unix/xserver/hw/vnc/vncExtInit.h
--- tiger.ori/unix/xserver/hw/vnc/vncExtInit.h	2009-11-19 17:04:03.000000000 +0100
+++ tiger/unix/xserver/hw/vnc/vncExtInit.h	2009-11-19 16:50:45.000000000 +0100
@@ -32,6 +32,9 @@
 extern void* vncFbptr[];
 extern int vncFbstride[];
 extern int vncInetdSock;
+extern bool enforceParams;
+extern bool allowSendCutText;
+extern bool allowAcceptCutText;
 extern rfb::StringParameter httpDir;
 
 #endif
diff -urN tiger.ori/unix/xserver/hw/vnc/xvnc.cc tiger/unix/xserver/hw/vnc/xvnc.cc
--- tiger.ori/unix/xserver/hw/vnc/xvnc.cc	2009-11-19 17:04:03.000000000 +0100
+++ tiger/unix/xserver/hw/vnc/xvnc.cc	2009-11-19 16:51:50.000000000 +0100
@@ -277,6 +277,7 @@
     ErrorF("-depth D               set screen 0's depth\n");
     ErrorF("-pixelformat fmt       set pixel format (rgbNNN or bgrNNN)\n");
     ErrorF("-inetd                 has been launched from inetd\n");
+    ErrorF("-enforceParams         forbid client to change server parameters (except cut&paste if set to 1)\n");
     ErrorF("\nVNC parameters:\n");
 
     fprintf(stderr,"\n"
@@ -514,6 +515,18 @@
 	return 2;
     }
 
+    if (strcmp(argv[i], "-enforceParams") == 0)
+    {
+	enforceParams = true;
+	return 1;
+    }
+
+    if ((strcmp(argv[i], "-SendCutText=0") == 0) || (strcmp(argv[i], "SendCutText=0") == 0))
+	    allowSendCutText = false;
+
+    if ((strcmp(argv[i], "-AcceptCutText=0") == 0) || (strcmp(argv[i], "AcceptCutText=0") == 0))
+	    allowAcceptCutText = false;
+
     if (strcmp(argv[i], "-inetd") == 0)
     {
 	dup2(0,3);
@@ -537,7 +550,7 @@
 	
 	return 1;
     }
-    
+
     if (rfb::Configuration::setParam(argv[i]))
 	return 1;