Avoid duplicating this complexity in too many places.

At the same time make the interface more identical to regular mkdir(),
for familiarity.

This is only needed because of an historical type change of the legacy
directory, so avoid doing it anywhere else.

The syslog file descriptor will be closed when we are cleaning up in
preparation for running the vncserver script, so we need to explicitly
reopen things in case we need to log errors.

At the same time, try to be polite and explicitly close the log when
appropriate.

E.g. pam_env.so might modify this variable, so we should see what we get
out of PAM when building a log file path.

There is too much variation between distributions for us to have a good
PAM configuration that works everywhere. Try to make this more obvious
by having a comment at the top of the file.

Specifies that the server must ignore all keyboard or mouse events sent
by the client.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2180903
Signed-off-by: Carlos Santos <casantos@redhat.com>

Move these RFB specific things to rfb::VNCServer, for clarity.

Signed-off-by: Pierre Ossman <ossman@cendio.se>
Signed-off-by: Carlos Santos <casantos@redhat.com>

The norm is that the install target is read only from the point of view
of the source and build directory, so avoid accidentally triggering any
build.

Make it easier to work iteratively by not having to remove the output
file each time.

Although unlikely, there might be other parts of the X server that are
also interested in this call. Make sure we propagate things on properly.

It doesn't just control button events, but all types of pointer events,
including movement.

The MIT-SHM documentation:
  https://www.x.org/releases/X11R7.7/doc/xextproto/shm.html
says to run XShmDetach() first, and then to destroy the segment.

(cherry picked from commit 585ee24d4c)

This keep everything consistent.

It is REQUIRED in this context, so we can assume X11 has been found.

The common use case is probably to only listem to the systemd provided
socket when using socket activation, but it might not be the only use
case. Make sure things can be combined if explicitly requested.

Avoid magical numbers as it makes it hard to understand the code.

systemd can pass in sockets as file descriptors 3 and beyond. Allows
the server to use socket activation.

When triggered by systemd, no other listening sockets (e.g. rfbport) will
be activated.

Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>

This affects the ordering of visuals, which breaks some buggy
applications that assume the first visual is the root window visual.

Use dup() instead to get an available file descriptor to avoid hijacking
already existing descriptor.

Fixes #1709

It's a reoccurring issue that users try to build individual components
by pointing cmake at a specific subdirectory, e.g. 'cmake vncviewer'.
CMake, unfortunately, has insufficient protection against this so we'll
need to add a manual check.

This commit only adds it to the most likely places for misuse so we
don't have to pollute every CMakeLists.txt.

Most compilers currently accept arbitrary identifiers in this place
and ignore then, but this is going to change and turn into an error.
(It prevents compilers from diagnosing misspelled type names,
and the resulting declaration is not a prototype, so no type
errors will be reported at call sites.)

Option is -D, which is what sshd uses for the same option.

Also add description of the new option to the vncsession
man page.

Tested on Void Linux using the new option, also tested on
Fedora without using the new option.

Resolves #1649

This change makes the ZRLEEncoder respect a client's desired
compressionLevel. The ZlibLevel option is marked deprecated and removed
from the manpages.

This is mainly a copy of XKeysymToString() from libX11. We've also added
a wrapper that still gives a string, even if there is no name for the
requested keysym.

This grows the binaries a bit, but not with any extreme amount so is
hopefully worth it to get better debug logging.

We user the real, not the effective user ID, to check if the user is
allowed to log in with the "Plain" security types. Otherwise it would be
necessary to log in as root when Xvnc is installed with the set-user-id
bit on.

Signed-off-by: Carlos Santos <casantos@redhat.com>

This permits to enable PAM for the effective user of the Xvnc process by
adding this to ~/.vnc/config or /etc/tigervnc/vncserver-config-defaults:

   SecurityTypes=TLSPlain
   PlainUsers=%u

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2233204
Signed-off-by: Carlos Santos <casantos@redhat.com>

Don't assume a lack of TCP listeners means the server will be
unreachable. There might be other methods of access, so let the higher
levels do that sanity check instead.

This will not do the correct thing for Unix sockets.

It was a poor choice of words to call these keysyms "unknown" as they
are likely perfectly normal keysyms, they just cannot be found in the
currently loaded keyboard layout. This log message has confused users,
so let's get rid of the "unknown" part.

We already use the verb "add" heavily in the other log messages, so
let's keep that rather than switch to some for of "map".

We should handle this in the low-level protocol code as much as possible
to avoid mistakes. This way the rest of the code can assume that strings
are always UTF-8 with \n line endings.

Make sure we can actually build without XRandR libraries.

Make sure we can actually build without XFixes libraries.

Make sure we can actually build without XTest libraries.

The need for these must have got lost somewhere in the type cleanup.

It is more specific, and it properly sets up propagation when include
directories also need to be used further down a dependency chain.

Addresses the following AVC denial:

type=PROCTITLE msg=audit(01/12/2023 02:58:12.648:696) : proctitle=/usr/sbin/vncsession fedora :1
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=1 name=/home/fedora/.vnc nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=0 name=/home/fedora/ inode=262145 dev=fc:02 mode=dir,700 ouid=fedora ogid=fedora rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/12/2023 02:58:12.648:696) : cwd=/home/fedora
type=SYSCALL msg=audit(01/12/2023 02:58:12.648:696) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fff47d52540 a1=0755 a2=0x0 a3=0x0 items=2 ppid=2869 pid=2880 auid=fedora uid=fedora gid=fedora euid=fedora suid=fedora fsuid=fedora egid=fedora sgid=fedora fsgid=fedora tty=(none) ses=8 comm=vncsession exe=/usr/sbin/vncsession subj=system_u:system_r:vnc_session_t:s0 key=(null)
type=AVC msg=audit(01/12/2023 02:58:12.648:696) : avc:  denied  { create } for  pid=2880 comm=vncsession name=.vnc scontext=system_u:system_r:vnc_session_t:s0 tcontext=system_u:object_r:vnc_home_t:s0 tclass=dir permissive=0

Resolves: rhbz#2143704

Make sure we don't send a bogus request to the X server in the (common)
case that we don't actually have anything to restore.

It doesn't use any exceptions, so stop including the header for it.

It's just confusing that we have our own variety that isn't compatible.

It has now been replaced, mostly by std::string, so remove the actual
type definition.

Let's use a more common type instead of something homegrown. Should be
more familiar to new developers.

We mostly use classical C strings, but the memory management around them
can get confusing and error prone. Let's use std::string for the cases
where we need to return a newly allocated string.

We know the needed space here, so let's keep it simple with a constant
size string buffer.