Pierre Ossman [Thu, 21 May 2020 19:10:38 +0000 (21:10 +0200)]
Properly store certificate exceptions
The previous method stored the certificates as authorities, meaning that
the owner of that certificate could impersonate any server it wanted
after a client had added an exception.
Handle this more properly by only storing exceptions for specific
hostname/certificate combinations, the same way browsers or SSH does
things.
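The difference between the two storage models, as an added example that is not TigerVNC's code: `ToyCert`, `AuthorityStore` and `PinStore` are hypothetical names, the certificates are constructed byte strings, and issuer matching stands in for real signature verification.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ToyCert:
    """Constructed stand-in for an X.509 certificate (no real signatures)."""
    der: bytes                        # bytes the fingerprint is taken over
    issuer_fp: Optional[str] = None   # fingerprint of the signing cert, if any

def fp(cert: ToyCert) -> str:
    return "sha256:" + hashlib.sha256(cert.der).hexdigest()

class AuthorityStore:
    """Exception saved as a trust anchor: the hostname is not recorded."""
    def __init__(self):
        self.anchors = set()
    def add_exception(self, host, cert):
        self.anchors.add(fp(cert))
    def accepts(self, host, cert):
        # Anything the anchor is, or has issued, passes for any hostname.
        return fp(cert) in self.anchors or cert.issuer_fp in self.anchors

class PinStore:
    """Exception saved as one (hostname, certificate) pair, known_hosts style."""
    def __init__(self):
        self.pins = {}
    def add_exception(self, host, cert):
        self.pins.setdefault(host.lower(), set()).add(fp(cert))
    def check(self, host, cert):
        known = self.pins.get(host.lower())
        if known is None:
            return "unknown"          # no exception stored: ask the user
        # A different certificate for a pinned host must be flagged, not accepted.
        return "match" if fp(cert) in known else "mismatch"

def demo():
    self_signed = ToyCert(b"constructed cert for vnc.example.test")
    other = ToyCert(b"constructed cert for bank.example.test",
                    issuer_fp=fp(self_signed))
    ca, pins = AuthorityStore(), PinStore()
    ca.add_exception("vnc.example.test", self_signed)
    pins.add_exception("vnc.example.test", self_signed)
    return {
        "authority_other_host": ca.accepts("bank.example.test", other),
        "pin_same_host": pins.check("vnc.example.test", self_signed),
        "pin_other_host": pins.check("bank.example.test", other),
        "pin_changed_cert": pins.check("vnc.example.test", other),
    }
```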
Pierre Ossman [Fri, 21 Aug 2020 13:52:45 +0000 (15:52 +0200)]
Call correct wrappers for clipboard handling
We incorrectly called the underlying functions instead of the safe
wrappers for the new clipboard functions. This had the effect of a)
crashing the entire server if one of these functions failed, and b) not
respecting the settings disabling the clipboard.
Pierre Ossman [Mon, 17 Aug 2020 14:07:03 +0000 (16:07 +0200)]
Comment on SELinux rule affecting other commands
This line affects every command run by the user, unlike everything else
in our policy which is just for vncserver/vncsession. It's easy to miss
this so add a comment pointing it out.
Lukas Vrabec [Mon, 25 May 2020 09:29:44 +0000 (11:29 +0200)]
[SELinux] Allow vnc session create ~/.vnc
Allow vnc session labeled with SELinux vnc_session_t domain to create
directory in user homedir ~/.vnc labeled with SELinux label xdm_home_t.
Because the vncpasswd process also creates the ~/.vnc directory, a file
transition needs to be added so that SELinux domains with the userdomain
attribute (label for the process) can create the directory with the same label.
Mark Mielke [Wed, 29 Jul 2020 04:26:41 +0000 (00:26 -0400)]
vncserver: Display check should confirm UNIX domain socket is still valid
If the X server is not shut down cleanly, it can leave UNIX domain
sockets around that "vncserver" has previously mis-identified as
evidence that the display number is still in use.
Instead of checking for existence of /tmp/.X11-unix/X<n>, the code
will now attempt to connect to the socket to confirm that there is a
server process listening on this UNIX domain socket. This will
eliminate false positives in the case the UNIX domain socket still
exists but is not associated with a listening Xorg server. The Xorg
server does not have a problem with fixing this file when it next
starts up. It is only important to avoid using the port if it is still
in use.
Mark Mielke [Wed, 29 Jul 2020 04:21:19 +0000 (00:21 -0400)]
vncserver: Display check should be re-factored for Perl 5
The display check and related setup code was complex due to
compatibility with Perl 4. This included different ways of obtaining
system constants and building system data structures. Perl 5 provides
direct constants and utility methods to abstract this out of the
vncserver code.
Mark Mielke [Wed, 29 Jul 2020 04:01:07 +0000 (00:01 -0400)]
vncserver: Display check should confirm lock file is still valid
If the X server is not shut down cleanly, it may leave lock files
around that "vncserver" has previously mis-identified as evidence that
the display number is still in use.
Instead of checking for existence of /tmp/.X<n>-lock, the code will
now extract the PID from the lock file and confirm that a process
exists with the same PID. This will eliminate false positives in the
case that this file references a PID that no longer exists. The Xorg
server does not have a problem with fixing this file when it next
starts up. It is only important to avoid using the port if it is still
in use.
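The liveness checks described in the two commit messages above (PID from the lock file, connect() to the UNIX domain socket), with the lock file checked first, as an added Python example; it is not the Perl code from vncserver. The function names are hypothetical, and the demo builds a constructed lock file and socket in a temporary directory instead of touching /tmp/.X<n>-lock or /tmp/.X11-unix/X<n>.

```python
import os, socket, subprocess, sys, tempfile

def pid_alive(pid):
    try:
        os.kill(pid, 0)              # signal 0 only tests for existence
    except ProcessLookupError:
        return False
    except PermissionError:
        return True                  # process exists but belongs to another user
    return True

def lock_in_use(lock_path):
    try:
        with open(lock_path) as f:
            pid = int(f.read().strip())
    except (FileNotFoundError, ValueError):
        return False                 # assumption: an unparsable lock counts as stale
    return pid > 0 and pid_alive(pid)

def socket_in_use(sock_path):
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(sock_path)
        return True
    except (FileNotFoundError, ConnectionRefusedError):
        return False                 # no file, or a leftover file with no listener
    except OSError:
        return True                  # unknown state: be pessimistic
    finally:
        s.close()

def display_in_use(lock_path, sock_path):
    # Cheap read-only lock check first, connect() second.
    return lock_in_use(lock_path) or socket_in_use(sock_path)

def demo():
    d = tempfile.mkdtemp()
    lock, sock = os.path.join(d, ".X1-lock"), os.path.join(d, "X1")
    child = subprocess.Popen([sys.executable, "-c", ""])
    child.wait()                     # reaped: its PID no longer exists
    with open(lock, "w") as f:
        f.write("%10d\n" % child.pid)
    stale = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    stale.bind(sock); stale.close()  # socket file remains, nothing listens
    leftover = display_in_use(lock, sock)
    live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    os.unlink(sock); live.bind(sock); live.listen(1)
    listening = socket_in_use(sock)
    live.close()
    with open(lock, "w") as f:
        f.write("%10d\n" % os.getpid())
    return leftover, listening, lock_in_use(lock)
```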
Mark Mielke [Wed, 29 Jul 2020 04:11:28 +0000 (00:11 -0400)]
vncserver: Display check should avoid duplicate code
The display check had duplicate code to first check if the X11 port is
not in use, and then check that the RFB port is not in use. Eliminate
the duplicate code by using a for-loop.
Mark Mielke [Wed, 29 Jul 2020 03:57:22 +0000 (23:57 -0400)]
vncserver: Display check should use named variables
Several calculated values such as file paths and port numbers were
hard coded within strings or expressions, sometimes multiple
times. These values should be extracted into named variables to
improve self-documentation and avoid accidental divergence.
Mark Mielke [Wed, 29 Jul 2020 03:46:02 +0000 (23:46 -0400)]
vncserver: Display check should check for lock file first
Checking for the existence of `/tmp/.X<n>-lock` is a fast read-only
operation, while calls to bind() or connect() are more expensive and
may have side effects. Perform the fast operation first.
Mark Mielke [Wed, 29 Jul 2020 03:35:19 +0000 (23:35 -0400)]
vncserver: Remove legacy HP-UX support
The check for existence of `/usr/spool/sockets/X11/<n>` has been
removed. This file is only relevant on HP-UX, and TigerVNC dropped
support for HP-UX in commit 31e5aa3.
Fix unexpected rpm macro expansion `%{VERSION}` which is supposed
to be passed through as literal to `rpm -q --qf`. This hasn't
caused problems before, but it was found to cause problems when
built from EL 8 when it expanded to "1.10.1".
Mark Mielke [Mon, 22 Jun 2020 03:54:55 +0000 (23:54 -0400)]
Enhanced ComparingUpdateTracker to crop changed blocks
A 64x64 changed block can be large for fine changes such as cursor
movement and typing in terminal windows, or an update to a clock.
If the block can be efficiently cropped, this will reduce latency
and bandwidth. Every pixel cropped is a pixel less to analyze, encode,
transmit, and decode.
The previous code already detected the top of the change in order
to determine if the block had changed. However, it did not use
this information to reduce the size of the change rectangle, nor
did it calculate any of the other edges.
The new code introduces detection of the other edges, and uses
the information to build a reduced area change rectangle. This
has the additional effect of reducing the number of discrete pixel
values in the change block which may allow a more efficient
encoding algorithm to be selected.
As this section of code is performance sensitive, the method
of detecting the edges has been optimized to quickly fall back
to pessimistic values as soon as a single comparison fails on
each edge. In the case that full 64x64 blocks are changing,
there will be three extra comparisons per block.
In cases where the change rectangle can be reduced from 64x64,
the reduced size of the change rectangle represents reduced
effort to encode, transfer, and decode the contained pixels.
In the case of images with high frequency changes, which
specifically includes text, the lossy JPEG encoding can be
highly distorted, especially with JPEG level 6 or less. The
quick flash from a distorted JPEG to a lossless JPEG can
appear as a flickering to some people. This effect was more
obvious when the surrounding area is not expected to change,
but is being distorted anyways due to being part of the 64x64
blocking algorithm.
In the case of a user typing in a terminal window, this change
may commonly reduce the number of pixels updated with every
character typed from 4096 pixels (64x64) to 640 pixels (32x20)
or less.
Mark Mielke [Sat, 20 Jun 2020 10:15:39 +0000 (06:15 -0400)]
Fix division by zero exception in SSecurityPlain.
If using SSecurityPlain and the user specifies an empty username
and password, it will invoke InStream::checkNoWait(0) which will
cause a division by zero when calculating the number of available
items.
Enhance InStream::check() to behave properly when asked for
zero items, or zero sized items.
Add comments to InStream::check(), InStream::checkNoWait(),
and InStream::readBytes() to document expected behaviour
when requested to check or read zero items, or an item with
zero size.
Jan Grulich [Fri, 3 Jul 2020 11:56:35 +0000 (13:56 +0200)]
Remove trailing spaces in user name
It's quite easy to make a mistake and add an additional space when configuring
users in the vncserver.users config file. You will then get an error that the
user doesn't exist and it's hard to spot the mistake. Same applies for a space
before the display number.
Samuel Mannehed [Sat, 28 Mar 2020 20:30:56 +0000 (21:30 +0100)]
Support touch gestures on Windows
This adds the same touch gesture support for Windows as already added
for Unix. Note that it uses Windows gesture detection instead of our own
here though to give the user a familiar experience. Unfortunately that
means we lose the three finger tap.
This also raises the base requirements to Windows 7 as that's when
Windows got proper touch support.
Samuel Mannehed [Tue, 31 Mar 2020 20:02:21 +0000 (22:02 +0200)]
Cancel AltGr timeout on mouse events as well
We have a timer after Ctrl is pressed in order to see if an Alt will
come right after. Ctrl + Alt is what Windows sends for AltGr.
If a key other than Alt was pressed we knew that we could cancel this
timer, this commit extends that to mouse events too.
Since this detection breaks the true order of events we want to make
a decision as fast as possible.
Alex Tanskanen [Wed, 22 Apr 2020 10:15:06 +0000 (12:15 +0200)]
Fix position for click and drag with EmulateMB
If you have the setting "Emulate middle mouse button" turned on, a click
and drag can fail if it is done very quickly. The position of the
initial click will be incorrect in such a case because the timeout will
delay events.
Pierre Ossman [Tue, 28 May 2019 06:42:16 +0000 (08:42 +0200)]
Open X11 display properly
We need to make sure everything happens in the correct order during
startup for the X11 display to open correctly. Primarily it means
we need to parse the arguments and open the display before anything
might make any X11 calls, as we may have a -display argument.
Lukas Vrabec [Wed, 6 May 2020 08:55:29 +0000 (10:55 +0200)]
[SELinux] Allow vnc_session_t type execute itself
vncsession-start is running in SELinux vnc_session_t domain because of
"SELinuxContext=system_u:system_r:vnc_session_t:s0" option in systemd
vncserver@.service unit file. vncsession-start executes the binary
vncsession with SELinux label/type vnc_session_t. This access was not
allowed in vncsession policy.
Pierre Ossman [Mon, 20 Apr 2020 06:55:13 +0000 (08:55 +0200)]
Handle empty changes for every operation
It seems like many of the X11 operations can end up with no pixels
actually changing. So instead of discovering and adding workarounds for
each individually we'll just check every region added to see if it's empty.
Alex Tanskanen [Tue, 10 Mar 2020 12:33:01 +0000 (13:33 +0100)]
Throw GAIException() for getaddrinfo errors
Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.
Alex Tanskanen [Wed, 4 Mar 2020 09:27:02 +0000 (10:27 +0100)]
Make system error messages in Windows 10 use UTF-8
The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.