The syslog file descriptor will be closed when we are cleaning up in
preparation for running the vncserver script, so we need to explicitly
reopen things in case we need to log errors.
At the same time, try to be polite and explicitly close the log when
appropriate.
There is too much variation between distributions for us to have a good
PAM configuration that works everywhere. Try to make this more obvious
by having a comment at the top of the file.
Move these RFB specific things to rfb::VNCServer, for clarity.
Signed-off-by: Pierre Ossman <ossman@cendio.se>
Signed-off-by: Carlos Santos <casantos@redhat.com>
The common use case is probably to only listem to the systemd provided
socket when using socket activation, but it might not be the only use
case. Make sure things can be combined if explicitly requested.
x0vncserver: Add support for systemd socket activation
systemd can pass in sockets as file descriptors 3 and beyond. Allows
the server to use socket activation.
When triggered by systemd, no other listening sockets (e.g. rfbport) will
be activated.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
It's a reoccurring issue that users try to build individual components
by pointing cmake at a specific subdirectory, e.g. 'cmake vncviewer'.
CMake, unfortunately, has insufficient protection against this so we'll
need to add a manual check.
This commit only adds it to the most likely places for misuse so we
don't have to pollute every CMakeLists.txt.
Replace INITARGS with void in function parameter list
Most compilers currently accept arbitrary identifiers in this place
and ignore then, but this is going to change and turn into an error.
(It prevents compilers from diagnosing misspelled type names,
and the resulting declaration is not a prototype, so no type
errors will be reported at call sites.)
Add option to run vncsession without forking and detaching
Option is -D, which is what sshd uses for the same option.
Also add description of the new option to the vncsession
man page.
Tested on Void Linux using the new option, also tested on
Fedora without using the new option.
Resolves #1649
This change makes the ZRLEEncoder respect a client's desired
compressionLevel. The ZlibLevel option is marked deprecated and removed
from the manpages.
This is mainly a copy of XKeysymToString() from libX11. We've also added
a wrapper that still gives a string, even if there is no name for the
requested keysym.
This grows the binaries a bit, but not with any extreme amount so is
hopefully worth it to get better debug logging.
We user the real, not the effective user ID, to check if the user is
allowed to log in with the "Plain" security types. Otherwise it would be
necessary to log in as root when Xvnc is installed with the set-user-id
bit on.
Signed-off-by: Carlos Santos <casantos@redhat.com>
This permits to enable PAM for the effective user of the Xvnc process by
adding this to ~/.vnc/config or /etc/tigervnc/vncserver-config-defaults:
SecurityTypes=TLSPlain
PlainUsers=%u
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2233204
Signed-off-by: Carlos Santos <casantos@redhat.com>
Don't assume a lack of TCP listeners means the server will be
unreachable. There might be other methods of access, so let the higher
levels do that sanity check instead.
It was a poor choice of words to call these keysyms "unknown" as they
are likely perfectly normal keysyms, they just cannot be found in the
currently loaded keyboard layout. This log message has confused users,
so let's get rid of the "unknown" part.
We already use the verb "add" heavily in the other log messages, so
let's keep that rather than switch to some for of "map".
We should handle this in the low-level protocol code as much as possible
to avoid mistakes. This way the rest of the code can assume that strings
are always UTF-8 with \n line endings.
We mostly use classical C strings, but the memory management around them
can get confusing and error prone. Let's use std::string for the cases
where we need to return a newly allocated string.