The syslog file descriptor will be closed when we are cleaning up in
preparation for running the vncserver script, so we need to explicitly
reopen things in case we need to log errors.
At the same time, try to be polite and explicitly close the log when
appropriate.
There is too much variation between distributions for us to have a good
PAM configuration that works everywhere. Try to make this more obvious
by having a comment at the top of the file.
Move these RFB specific things to rfb::VNCServer, for clarity.
Signed-off-by: Pierre Ossman <ossman@cendio.se>
Signed-off-by: Carlos Santos <casantos@redhat.com>
Move the AccessRights type and constants to the rfb namespace
They must belong to the rfb namespace, not to the SConnection class.
Also add an AccessNone constant, since it's better to use a mnemonic
symbol rather than zero to initialize the accessRights members.
Signed-off-by: Carlos Santos <casantos@redhat.com>
FLTK can send events with fl_xevent pointing to random memory, which
means that we cannot trust that structure. XQueryPointer() can give us
what we need, at the cost of an extra round trip.
Mouse events in shared connections are locked to one viewer at a time.
If the a mouse drag is happening in the first viewer, the second viewer
can't interfere unless the first viewer has been inactive for a set
amount of time. This timeout was put in place in
71c83b4793 to handle the case where the
first viewer disconnects while the mouse drag is happening. Prior to the
timeout, this resulted in all input being blocked.
This commit increases this timeout from 3 seconds to 10 seconds. This is
to minimize the risk of this happening during "normal" use. With this
change, the first viewer has to be inactive for 10 seconds before the
second viewer can take control again.
In the case where the first viewer disconnects, a waiting time of 10
seconds for the second viewer seems very reasonable.
The common use case is probably to only listem to the systemd provided
socket when using socket activation, but it might not be the only use
case. Make sure things can be combined if explicitly requested.
VNCServerST: Add a timeout to pointer button ownership
When one clients holds down a button on the pointer device (probably
dragging something), other clients' attempts at pointer operations
are denied. This yields a sane user experience, but with limits.
When one clients starts dragging, and then his network connection fails,
other clients are denied access to the pointer until the VNC server
finally discovers that the connection is dead and closes it. This can
take about 15 minutes.
Add a timeout to this policy: If we don't hear from the client for 3
seconds, other clients are allowed to control the pointer once more.
This solves the problem that one failing network could make the server
completely deaf to other clients for a long time.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
VNCSConnectionST: Release mouse button(s) on close
When the connection is severed, release all mouse buttons.
This fixes an issue with x0vncserver where the local display
would stop responding to mouse events if the connection closes
while the remote user was holding down a mouse button.
To reproduce, start a VNC client, press and hold a mouse button
and then kill the connection (e.g. close client, kill server,
yank network cable). This caused the local screen to no longer
respond to any mouse-down events until a VNC client reconnects
and clicks anywhere.
This may inject a "mouse release" event while closing, however,
if you click on your screen and then yank the mouse cable, a mouse
release event also would not come unexpectedly, so the cure's
side effects aren't as bad as the disease.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
x0vncserver: Add support for systemd socket activation
systemd can pass in sockets as file descriptors 3 and beyond. Allows
the server to use socket activation.
When triggered by systemd, no other listening sockets (e.g. rfbport) will
be activated.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
It's a reoccurring issue that users try to build individual components
by pointing cmake at a specific subdirectory, e.g. 'cmake vncviewer'.
CMake, unfortunately, has insufficient protection against this so we'll
need to add a manual check.
This commit only adds it to the most likely places for misuse so we
don't have to pollute every CMakeLists.txt.