Samuel Mannehed [Sat, 28 Mar 2020 20:30:56 +0000 (21:30 +0100)]
Support touch gestures on Windows
This adds the same touch gesture support for Windows as already added
for Unix. Note that it uses Windows gesture detection instead of our own
here though to give the user a familiar experience. Unfortunately that
means we lose the three finger tap.
This also raises the base requirements to Windows 7 as that's when
Windows got proper touch support.
Samuel Mannehed [Tue, 31 Mar 2020 20:02:21 +0000 (22:02 +0200)]
Cancel AltGr timeout on mouse events as well
We have a timer after Ctrl is pressed in order to see if an Alt will
come right after. Ctrl + Alt is what windows sends for AltGr.
If a key other than Alt was pressed we knew that we could cancel this
timer, this commit extends that to mouse events too.
Since this detection breaks the true order of events we want to make
a decision as fast as possible.
Alex Tanskanen [Wed, 22 Apr 2020 10:15:06 +0000 (12:15 +0200)]
Fix position for click and drag with EmulateMB
If you have the setting "Emulate middle mouse button" turned on, a click
and drag can fail if it is done very quickly. The position of the
initial click will be incorrect in such a case because the timeout will
delay events.
Pierre Ossman [Tue, 28 May 2019 06:42:16 +0000 (08:42 +0200)]
Open X11 display properly
We need to make sure everything happens in the correct order during
startup for the X11 display to open correctly. Primarily it means
we need to parse the arguments and open the display before anything
might make any X11 calls, as we may have a -display argument.
Lukas Vrabec [Wed, 6 May 2020 08:55:29 +0000 (10:55 +0200)]
[SELinux] Allow vnc_session_t type execute itself
vncsession-start is running in SELinux vnc_session_t domain because of
"SELinuxContext=system_u:system_r:vnc_session_t:s0" option in systemd
vncserver@.service unit file. vncsession-start executing binary
vncsession with SELinux label/type vnc_session_t. This access was not
allowed in vncsession policy.
Pierre Ossman [Mon, 20 Apr 2020 06:55:13 +0000 (08:55 +0200)]
Handle empty changes for every operation
It seems like many of the X11 operations can end up with no pixels
actually changing. So instead of discovering and adding workarounds for
each individually we'll just check very region added if it's empty.
Alex Tanskanen [Tue, 10 Mar 2020 12:33:01 +0000 (13:33 +0100)]
Throw GAIException() for getaddrinfo errors
Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.
Alex Tanskanen [Wed, 4 Mar 2020 09:27:02 +0000 (10:27 +0100)]
Make system error messeges in Windows 10 use UTF-8
The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.
Pierre Ossman [Thu, 19 Jul 2018 14:04:23 +0000 (16:04 +0200)]
Add SELinux policy file for vncsession
Running as a service on a SELinux system requires rules so we can
transition to our own context. We also need the proper permissions
to start new user sessions.
Pierre Ossman [Mon, 16 Jul 2018 13:58:06 +0000 (15:58 +0200)]
Start sessions via PAM
This sets up a more correct session as there are key tasks that
need to be performed by PAM. E.g. systemd will allocate cgroups
and start base services.
In order to easily handle this as a system service the mapping of
displays is now done via a configuration file.
Pierre Ossman [Wed, 23 Jan 2019 14:29:41 +0000 (15:29 +0100)]
Make vncserver always run in the foreground
We need to be started as a system service for things to work correctly
anyway, so delegate the work of starting and stopping things to the
system service manager (e.g. systemd).
Linus Heckemann [Sat, 1 Feb 2020 10:08:26 +0000 (11:08 +0100)]
xserver: add no-op input thread init function
This allows Xvnc to build with xorg-server 1.20.7, which requires OS
layers to implement a ddxInputThreadInit function when configured with
--enable-input-thread (the default).
Pierre Ossman [Fri, 3 Jan 2020 12:10:20 +0000 (13:10 +0100)]
Clean up initialization of DIBSectionBuffer
We had an unintentional conflict with PixelBuffer::setSize() here.
But we can simplify this further as this initialization is only used
by the subclass DeviceFrameBuffer, and only once.
Pierre Ossman [Mon, 30 Dec 2019 09:50:52 +0000 (10:50 +0100)]
Provide correct dimensions for XShm setup
Since 53f913a we initialize the underlying PixelBuffer with 0x0
dimensions, which means we need to keep more explicit track of what
we are trying to allocate in the setup methods.
Samuel Mannehed [Fri, 20 Dec 2019 15:06:48 +0000 (16:06 +0100)]
Use the correct minimum value for compression lvl
There was even some confusion in the RFB protocol regarding this, but
the zlib implementation confirms that accepted values for compression
level is 0-9.
Pierre Ossman [Mon, 9 Dec 2019 15:58:07 +0000 (16:58 +0100)]
Check the correct stream if there is more data pending
The input stream might no longer be the raw socket, so we need to
query what's currently active. That wrapping stream might have its
own buffering and may have more data even if the socket is drained.
Pierre Ossman [Mon, 9 Dec 2019 15:57:04 +0000 (16:57 +0100)]
Handle pending data in TLS buffers
There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.
Pierre Ossman [Mon, 9 Dec 2019 12:54:17 +0000 (13:54 +0100)]
Don't background the main session command
When used with -fg we expect the startup script to remain running until
the session is over. This will not happen if the session command is put
in the background using &.
Pierre Ossman [Wed, 2 Oct 2019 14:06:08 +0000 (16:06 +0200)]
Handle pixel formats with odd shift values
Our fast paths assume that each channel fits in to a separate byte.
That means the shift needs to be a multiple of 8. Start actually
checking this so that a client cannot trip us up and possibly cause
incorrect code exection.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
Pierre Ossman [Tue, 24 Sep 2019 07:41:07 +0000 (09:41 +0200)]
Be defensive about overflows in stream objects
We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.
This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
Pierre Ossman [Tue, 10 Sep 2019 14:07:50 +0000 (16:07 +0200)]
Add sanity checks for PixelFormat shift values
Otherwise we might be tricked in to reading and writing things at
incorrect offsets for pixels which ultimately could result in an
attacker writing things to the stack or heap and executing things
they shouldn't.
This only affects the server as the client never uses the pixel
format suggested by th server.
Issue found by Pavel Cheremushkin from Kaspersky Lab.