From 7a695c976e584f31da4bf53344f9c50a8902200c Mon Sep 17 00:00:00 2001
From: Lauri Kasanen <cand@gmx.com>
Date: Mon, 10 May 2021 11:02:20 +0300
Subject: [PATCH] Writer perms were checked in multiple places, consolidate and
 fix a missing case

---
 common/rfb/SConnection.h        | 3 +++
 common/rfb/VNCSConnectionST.cxx | 9 +++++----
 common/rfb/VNCSConnectionST.h   | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/common/rfb/SConnection.h b/common/rfb/SConnection.h
index 4f8e4c7..811ba04 100644
--- a/common/rfb/SConnection.h
+++ b/common/rfb/SConnection.h
@@ -252,4 +252,7 @@ namespace rfb {
     bool hasLocalClipboard;
   };
 }
+
+#define WRITER_PERMS (AccessKeyEvents | AccessPtrEvents | AccessCutText | AccessSetDesktopSize)
+
 #endif
diff --git a/common/rfb/VNCSConnectionST.cxx b/common/rfb/VNCSConnectionST.cxx
index 0ad5d49..1d34c11 100644
--- a/common/rfb/VNCSConnectionST.cxx
+++ b/common/rfb/VNCSConnectionST.cxx
@@ -86,8 +86,9 @@ VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
   }
 
   bool write, owner;
-  if (!getPerms(write, owner) || !write)
-    accessRights = (accessRights & ~(AccessPtrEvents | AccessKeyEvents | AccessSetDesktopSize));
+  if (!getPerms(write, owner) || !write) {
+    accessRights &= ~WRITER_PERMS;
+  }
 
   // Configure the socket
   setSocketTimeouts();
@@ -1216,9 +1217,9 @@ void VNCSConnectionST::writeFramebufferUpdate()
       close("User was deleted");
       return;
     } else if (!write) {
-      accessRights = (accessRights & ~(AccessPtrEvents | AccessKeyEvents | AccessSetDesktopSize));
+      accessRights &= ~WRITER_PERMS;
     } else {
-      accessRights |= AccessPtrEvents | AccessKeyEvents | AccessSetDesktopSize;
+      accessRights |= WRITER_PERMS;
     }
   }
 
diff --git a/common/rfb/VNCSConnectionST.h b/common/rfb/VNCSConnectionST.h
index 1bc6ba5..0a3bcdc 100644
--- a/common/rfb/VNCSConnectionST.h
+++ b/common/rfb/VNCSConnectionST.h
@@ -206,7 +206,7 @@ namespace rfb {
 
         bool write, owner;
         if (!getPerms(write, owner) || !write)
-            accessRights = (accessRights & ~(AccessPtrEvents | AccessKeyEvents));
+            accessRights &= ~WRITER_PERMS;
         needsPermCheck = false;
     }