rpms/gnome-remote-desktop
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import gnome-remote-desktop-0.1.6-8.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 15:59:01 -05:00 committed by Stepan Oksanichenko
parent 65e586f1e7
commit 04fbb3c5e8
3 changed files with 558 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
SOURCES/0001-vnc-Unregister-previously-set-security-handlers-on-i.patch Normal file
View File

@ -0,0 +1,47 @@
From 23526b25b9a8088c7435563516bea96ed4408c13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 16:53:42 +0100
Subject: [PATCH] vnc: Unregister previously set security handlers on init
When we're starting a session, we're going to handle a new client
connection. However, any previous client that was ever run on in a
previous session would still have their "security handler" registered,
as such is a global permanent change in libvncserver right now.
To work around this, unregister all primary security handler (i.e.
'none' and 'password') when initializing the RFB screen. We'll set up
the preferred one when handling the new client.
---
src/grd-session-vnc.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index c5f83d8..2967415 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -28,6 +28,9 @@
#include <linux/input.h>
#include <rfb/rfb.h>
+/* Potential redeclaration of libVNCServer API to avoid build failure. */
+extern void rfbUnregisterPrimarySecurityHandlers (void);
+
#include "grd-context.h"
#include "grd-prompt.h"
#include "grd-settings.h"
@@ -564,6 +567,12 @@ init_vnc_session (GrdSessionVnc *session_vnc)
8, 3, 4);
session_vnc->rfb_screen = rfb_screen;
+ /*
+ * Unregister whatever security handler was used the last time; we'll set
+ * up new ones when authorizing the new client anyway.
+ */
+ rfbUnregisterPrimarySecurityHandlers ();
+
update_server_format (session_vnc);
socket = g_socket_connection_get_socket (session_vnc->connection);
--
2.23.0

492
SOURCES/fix-initial-black-screen.patch Normal file
View File

@ -0,0 +1,492 @@
From 08d9c7e41882e5e4821de2c9bc2035043f2ca1a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:02:09 +0100
Subject: [PATCH 1/4] session-vnc: Add paused/resumed signals
Paused is when the socket sourec is detached, and resumed when attached.
Meant to be used by the TLS channel security to a attach/detach
out-of-socket source.
---
src/grd-session-vnc.c | 72 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 65 insertions(+), 7 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index dcd8599..6be8330 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -40,14 +40,27 @@
#define BGRX_SAMPLES_PER_PIXEL 3
#define BGRX_BYTES_PER_PIXEL 4
+enum
+{
+ PAUSED,
+ RESUMED,
+
+ N_SIGNALS
+};
+
+static guint signals[N_SIGNALS];
+
struct _GrdSessionVnc
{
GrdSession parent;
GrdVncServer *vnc_server;
GSocketConnection *connection;
+
GList *socket_grabs;
GSource *source;
+ gboolean is_paused;
+
rfbScreenInfoPtr rfb_screen;
rfbClientPtr rfb_client;
@@ -73,7 +86,7 @@ struct _GrdSessionVnc
G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION);
static void
-grd_session_vnc_detach_source (GrdSessionVnc *session_vnc);
+grd_session_vnc_pause (GrdSessionVnc *session_vnc);
static gboolean
close_session_idle (gpointer user_data);
@@ -215,7 +228,8 @@ handle_client_gone (rfbClientPtr rfb_client)
g_debug ("VNC client gone");
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
+
maybe_queue_close_session_idle (session_vnc);
}
@@ -283,7 +297,7 @@ handle_new_client (rfbClientPtr rfb_client)
session_vnc->prompt_cancellable,
prompt_response_callback,
session_vnc);
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
return RFB_CLIENT_ON_HOLD;
case GRD_VNC_AUTH_METHOD_PASSWORD:
session_vnc->rfb_screen->passwordCheck = check_rfb_password;
@@ -501,7 +515,7 @@ check_rfb_password (rfbClientPtr rfb_client,
if (memcmp (challenge_encrypted, response_encrypted, len) == 0)
{
grd_session_start (GRD_SESSION (session_vnc));
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
return TRUE;
}
else
@@ -670,6 +684,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc)
g_clear_pointer (&session_vnc->source, g_source_destroy);
}
+gboolean
+grd_session_vnc_is_paused (GrdSessionVnc *session_vnc)
+{
+ return session_vnc->is_paused;
+}
+
+static void
+grd_session_vnc_pause (GrdSessionVnc *session_vnc)
+{
+ if (grd_session_vnc_is_paused (session_vnc))
+ return;
+
+ session_vnc->is_paused = TRUE;
+
+ grd_session_vnc_detach_source (session_vnc);
+ g_signal_emit (session_vnc, signals[PAUSED], 0);
+}
+
+static void
+grd_session_vnc_resume (GrdSessionVnc *session_vnc)
+{
+ if (!grd_session_vnc_is_paused (session_vnc))
+ return;
+
+ session_vnc->is_paused = FALSE;
+
+ grd_session_vnc_attach_source (session_vnc);
+ g_signal_emit (session_vnc, signals[RESUMED], 0);
+}
+
GrdSessionVnc *
grd_session_vnc_new (GrdVncServer *vnc_server,
GSocketConnection *connection)
@@ -687,6 +731,7 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func);
grd_session_vnc_attach_source (session_vnc);
+ session_vnc->is_paused = FALSE;
init_vnc_session (session_vnc);
@@ -716,7 +761,7 @@ grd_session_vnc_stop (GrdSession *session)
g_clear_object (&session_vnc->pipewire_stream);
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
g_clear_object (&session_vnc->connection);
g_clear_pointer (&session_vnc->rfb_screen->frameBuffer, g_free);
@@ -772,8 +817,8 @@ grd_session_vnc_stream_ready (GrdSession *session,
G_CALLBACK (on_pipwire_stream_closed),
session_vnc);
- if (!session_vnc->source)
- grd_session_vnc_attach_source (session_vnc);
+ if (grd_session_vnc_is_paused (session_vnc))
+ grd_session_vnc_resume (session_vnc);
}
static void
@@ -792,4 +837,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass)
session_class->stop = grd_session_vnc_stop;
session_class->stream_ready = grd_session_vnc_stream_ready;
+
+ signals[PAUSED] = g_signal_new ("paused",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+ signals[RESUMED] = g_signal_new ("resumed",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
}
--
2.23.0
From b27fe979adf4910f4173370091a06b6a945f83ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:03:46 +0100
Subject: [PATCH 2/4] session-vnc: Add grd_session_vnc_dispatch() helper
To be used by the TLS channel security to dispatch when there is data
available that is not visible to the socket source.
---
src/grd-session-vnc.c | 26 ++++++++++++++++----------
src/grd-session-vnc.h | 2 ++
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 6be8330..c5f83d8 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -624,6 +624,21 @@ vnc_socket_grab_func (GrdSessionVnc *session_vnc,
return TRUE;
}
+void
+grd_session_vnc_dispatch (GrdSessionVnc *session_vnc)
+{
+ GrdVncSocketGrabFunc grab_func;
+ g_autoptr (GError) error = NULL;
+
+ grab_func = g_list_first (session_vnc->socket_grabs)->data;
+ if (!grab_func (session_vnc, &error))
+ {
+ g_warning ("Error when reading socket: %s", error->message);
+
+ grd_session_stop (GRD_SESSION (session_vnc));
+ }
+}
+
static gboolean
handle_socket_data (GSocket *socket,
GIOCondition condition,
@@ -640,16 +655,7 @@ handle_socket_data (GSocket *socket,
}
else if (condition & G_IO_IN)
{
- GrdVncSocketGrabFunc grab_func;
- g_autoptr (GError) error = NULL;
-
- grab_func = g_list_first (session_vnc->socket_grabs)->data;
- if (!grab_func (session_vnc, &error))
- {
- g_warning ("Error when reading socket: %s", error->message);
-
- grd_session_stop (session);
- }
+ grd_session_vnc_dispatch (session_vnc);
}
else
{
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index 789693e..e699d64 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc,
GrdVncSocketGrabFunc grab_func);
+void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc);
+
GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
#endif /* GRD_SESSION_VNC_H */
--
2.23.0
From bb4e67869e9226c7e10907d59fee3247b3a7fa8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:05:13 +0100
Subject: [PATCH 3/4] vnc/tls: Add some logging
Uses the log utility from libvncserver as it is related to the RFB
protocol rather than the session itself.
---
src/grd-vnc-tls.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
index 8fc0fc2..fb24b34 100644
--- a/src/grd-vnc-tls.c
+++ b/src/grd-vnc-tls.c
@@ -67,6 +67,7 @@ grd_vnc_tls_context_new (void)
tls_context = g_new0 (GrdVncTlsContext, 1);
+ rfbLog ("TLS: Initializing gnutls context\n");
gnutls_global_init ();
gnutls_anon_allocate_server_credentials (&tls_context->anon_credentials);
@@ -127,6 +128,7 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session,
ret = gnutls_handshake (tls_session->tls_session);
if (ret != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal (ret))
{
+ rfbLog ("TLS: More handshake pending\n");
tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_DURING;
return TRUE;
}
@@ -140,6 +142,8 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session,
return FALSE;
}
+ rfbLog ("TLS: Handshake finished");
+
tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_FINISHED;
return TRUE;
}
@@ -373,6 +377,7 @@ perform_handshake (GrdSessionVnc *session_vnc,
break;
case GRD_TLS_HANDSHAKE_STATE_FINISHED:
grd_session_vnc_ungrab_socket (session_vnc, tls_handshake_grab_func);
+ rfbLog ("TLS: Sending post-channel security security list\n");
rfbSendSecurityTypeList (grd_session_vnc_get_rfb_client (session_vnc),
RFB_SECURITY_TAG_CHANNEL);
break;
@@ -387,6 +392,7 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc,
{
g_autoptr (GError) handshake_error = NULL;
+ rfbLog ("TLS: Continuing handshake\n");
if (!perform_handshake (session_vnc, &handshake_error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
@@ -404,6 +410,8 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
GrdVncTlsSession *tls_session;
g_autoptr(GError) error = NULL;
+ rfbLog ("TLS: Setting up rfbClient for gnutls encrypted traffic\n");
+
tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
if (!tls_session)
{
@@ -424,6 +432,7 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func);
}
+ rfbLog ("TLS: Performing handshake\n");
if (!perform_handshake (session_vnc, &error))
{
g_warning ("TLS handshake failed: %s", error->message);
--
2.23.0
From 707425d19861295bb64e5558d1f81175d0327429 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:07:40 +0100
Subject: [PATCH 4/4] vnc/tls: Dispatch also when data is pending outside of
the socket
gnutls may have data available in its buffers, and we have our own peek
buffer temporarly storing data later to be processed. This would missed
by the socket source, as it wouldn't get any notification about it from
epoll(). Deal with this by adding a custom source that dispatches as
long as there is data to read in those buffers.
---
src/grd-session-vnc.h | 2 +
src/grd-vnc-tls.c | 92 ++++++++++++++++++++++++++++++++++++++++---
2 files changed, 88 insertions(+), 6 deletions(-)
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index e699d64..5a74b5f 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc,
GrdVncSocketGrabFunc grab_func);
+gboolean grd_session_vnc_is_paused (GrdSessionVnc *session_vnc);
+
void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc);
GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
index fb24b34..815b40b 100644
--- a/src/grd-vnc-tls.c
+++ b/src/grd-vnc-tls.c
@@ -41,6 +41,12 @@ typedef enum _GrdTlsHandshakeState
GRD_TLS_HANDSHAKE_STATE_FINISHED
} GrdTlsHandshakeState;
+typedef struct _PeekBufferSource
+{
+ GSource parent;
+ GrdSessionVnc *session_vnc;
+} PeekBufferSource;
+
typedef struct _GrdVncTlsSession
{
GrdVncTlsContext *tls_context;
@@ -53,6 +59,8 @@ typedef struct _GrdVncTlsSession
char *peek_buffer;
int peek_buffer_size;
int peek_buffer_len;
+
+ GSource *peek_buffer_source;
} GrdVncTlsSession;
static gboolean
@@ -296,16 +304,14 @@ grd_vnc_tls_peek_at_socket (rfbClientPtr rfb_client,
peekable_len = MIN (len, tls_session->peek_buffer_len);
memcpy (buf, tls_session->peek_buffer, peekable_len);
+ fprintf(stderr, ":::: %s:%d %s() - peeked %d bytes, can peek %d bytes\n", __FILE__, __LINE__, __func__,
+ peekable_len, tls_session->peek_buffer_len);
return peekable_len;
}
-static rfbBool
-grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
+static gboolean
+grd_vnc_tls_session_has_pending_data (GrdVncTlsSession *tls_session)
{
- GrdSessionVnc *session_vnc = rfb_client->screen->screenData;
- GrdVncTlsSession *tls_session =
- grd_vnc_tls_session_from_vnc_session (session_vnc);
-
if (tls_session->peek_buffer_len > 0)
return TRUE;
@@ -315,6 +321,16 @@ grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
return FALSE;
}
+static rfbBool
+grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
+{
+ GrdSessionVnc *session_vnc = rfb_client->screen->screenData;
+ GrdVncTlsSession *tls_session =
+ grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ return grd_vnc_tls_session_has_pending_data (tls_session);
+}
+
static int
grd_vnc_tls_write_to_socket (rfbClientPtr rfb_client,
const char *buf,
@@ -403,6 +419,62 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc,
return TRUE;
}
+static gboolean
+peek_buffer_source_prepare (GSource *source,
+ int *timeout)
+{
+ PeekBufferSource *psource = (PeekBufferSource *) source;
+ GrdSessionVnc *session_vnc = psource->session_vnc;
+ GrdVncTlsSession *tls_session =
+ grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ return grd_vnc_tls_session_has_pending_data (tls_session);
+}
+
+static gboolean
+peek_buffer_source_dispatch (GSource *source,
+ GSourceFunc callback,
+ gpointer user_data)
+{
+ PeekBufferSource *psource = (PeekBufferSource *) source;
+ GrdSessionVnc *session_vnc = psource->session_vnc;
+
+ grd_session_vnc_dispatch (session_vnc);
+
+ return G_SOURCE_CONTINUE;
+}
+
+static GSourceFuncs peek_buffer_source_funcs = {
+ .prepare = peek_buffer_source_prepare,
+ .dispatch = peek_buffer_source_dispatch,
+};
+
+static void
+attach_peek_buffer_source (GrdSessionVnc *session_vnc)
+{
+ GrdVncTlsSession *tls_session;
+
+ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
+ tls_session->peek_buffer_source = g_source_new (&peek_buffer_source_funcs,
+ sizeof (PeekBufferSource));
+ ((PeekBufferSource *) tls_session->peek_buffer_source)->session_vnc =
+ session_vnc;
+ g_source_set_priority (tls_session->peek_buffer_source,
+ G_PRIORITY_DEFAULT + 1);
+
+ g_source_attach (tls_session->peek_buffer_source, NULL);
+}
+
+static void
+detach_peek_buffer_source (GrdSessionVnc *session_vnc)
+{
+ GrdVncTlsSession *tls_session;
+
+ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ g_clear_pointer (&tls_session->peek_buffer_source, g_source_destroy);
+}
+
static void
rfb_tls_security_handler (rfbClientPtr rfb_client)
{
@@ -429,6 +501,14 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
rfb_client->hasPendingOnSocket = grd_vnc_tls_has_pending_on_socket;
rfb_client->writeToSocket = grd_vnc_tls_write_to_socket;
+ if (!grd_session_vnc_is_paused (session_vnc))
+ attach_peek_buffer_source (session_vnc);
+
+ g_signal_connect (session_vnc, "paused",
+ G_CALLBACK (detach_peek_buffer_source), NULL);
+ g_signal_connect (session_vnc, "resumed",
+ G_CALLBACK (attach_peek_buffer_source), NULL);
+
grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func);
}
--
2.23.0

20
SPECS/gnome-remote-desktop.spec
View File

@ -2,7 +2,7 @@
Name: gnome-remote-desktop
Version: 0.1.6
Release: 5%{?dist}
Release: 8%{?dist}
Summary: GNOME Remote Desktop screen share service
License: GPLv2+
@ -25,6 +25,12 @@ Patch4: rhel8.0.0-backports.patch
# Backport password override, for testing (rhbz#1713330)
Patch5: 0001-vnc-Allow-overriding-password-with-env-var.patch
# Fix initial black content issue (rhbz#1765448)
Patch6: fix-initial-black-screen.patch
# Handle auth settings changes (rhbz#1684729)
Patch7: 0001-vnc-Unregister-previously-set-security-handlers-on-i.patch
BuildRequires: git
BuildRequires: gcc
BuildRequires: meson >= 0.36.0
@ -83,6 +89,18 @@ GNOME desktop environment.
%changelog
* Wed Nov 27 2019 Jonas Ådahl <jadahl@redhat.com> - 0.1.6-8
- Update patch to handle older libvncserver at build time
Resolves: #1684729
* Wed Nov 27 2019 Jonas Ådahl <jadahl@redhat.com> - 0.1.6-7
- Handle auth settings changes
Resolves: #1684729
* Wed Nov 27 2019 Jonas Ådahl <jadahl@redhat.com> - 0.1.6-6
- Fix initial black content issue
Resolves: #1765448
* Thu May 30 2019 Tomáš Popela <tpopela@redhat.com> - 0.1.6-5
- Bump the version to make gating happy - that's bug 1681618
- Resolves: rhbz#1713330