diff --git a/SOURCES/0001-vnc-Unregister-previously-set-security-handlers-on-i.patch b/SOURCES/0001-vnc-Unregister-previously-set-security-handlers-on-i.patch new file mode 100644 index 0000000..47d7d5e --- /dev/null +++ b/SOURCES/0001-vnc-Unregister-previously-set-security-handlers-on-i.patch @@ -0,0 +1,47 @@ +From 23526b25b9a8088c7435563516bea96ed4408c13 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 16:53:42 +0100 +Subject: [PATCH] vnc: Unregister previously set security handlers on init + +When we're starting a session, we're going to handle a new client +connection. However, any previous client that was ever run on in a +previous session would still have their "security handler" registered, +as such is a global permanent change in libvncserver right now. + +To work around this, unregister all primary security handler (i.e. +'none' and 'password') when initializing the RFB screen. We'll set up +the preferred one when handling the new client. +--- + src/grd-session-vnc.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c +index c5f83d8..2967415 100644 +--- a/src/grd-session-vnc.c ++++ b/src/grd-session-vnc.c +@@ -28,6 +28,9 @@ + #include + #include + ++/* Potential redeclaration of libVNCServer API to avoid build failure. */ ++extern void rfbUnregisterPrimarySecurityHandlers (void); ++ + #include "grd-context.h" + #include "grd-prompt.h" + #include "grd-settings.h" +@@ -564,6 +567,12 @@ init_vnc_session (GrdSessionVnc *session_vnc) + 8, 3, 4); + session_vnc->rfb_screen = rfb_screen; + ++ /* ++ * Unregister whatever security handler was used the last time; we'll set ++ * up new ones when authorizing the new client anyway. ++ */ ++ rfbUnregisterPrimarySecurityHandlers (); ++ + update_server_format (session_vnc); + + socket = g_socket_connection_get_socket (session_vnc->connection); +-- +2.23.0 + diff --git a/SOURCES/fix-initial-black-screen.patch b/SOURCES/fix-initial-black-screen.patch new file mode 100644 index 0000000..9c0f5a9 --- /dev/null +++ b/SOURCES/fix-initial-black-screen.patch @@ -0,0 +1,492 @@ +From 08d9c7e41882e5e4821de2c9bc2035043f2ca1a4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:02:09 +0100 +Subject: [PATCH 1/4] session-vnc: Add paused/resumed signals + +Paused is when the socket sourec is detached, and resumed when attached. +Meant to be used by the TLS channel security to a attach/detach +out-of-socket source. +--- + src/grd-session-vnc.c | 72 ++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 65 insertions(+), 7 deletions(-) + +diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c +index dcd8599..6be8330 100644 +--- a/src/grd-session-vnc.c ++++ b/src/grd-session-vnc.c +@@ -40,14 +40,27 @@ + #define BGRX_SAMPLES_PER_PIXEL 3 + #define BGRX_BYTES_PER_PIXEL 4 + ++enum ++{ ++ PAUSED, ++ RESUMED, ++ ++ N_SIGNALS ++}; ++ ++static guint signals[N_SIGNALS]; ++ + struct _GrdSessionVnc + { + GrdSession parent; + + GrdVncServer *vnc_server; + GSocketConnection *connection; ++ + GList *socket_grabs; + GSource *source; ++ gboolean is_paused; ++ + rfbScreenInfoPtr rfb_screen; + rfbClientPtr rfb_client; + +@@ -73,7 +86,7 @@ struct _GrdSessionVnc + G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION); + + static void +-grd_session_vnc_detach_source (GrdSessionVnc *session_vnc); ++grd_session_vnc_pause (GrdSessionVnc *session_vnc); + + static gboolean + close_session_idle (gpointer user_data); +@@ -215,7 +228,8 @@ handle_client_gone (rfbClientPtr rfb_client) + + g_debug ("VNC client gone"); + +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); ++ + maybe_queue_close_session_idle (session_vnc); + } + +@@ -283,7 +297,7 @@ handle_new_client (rfbClientPtr rfb_client) + session_vnc->prompt_cancellable, + prompt_response_callback, + session_vnc); +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); + return RFB_CLIENT_ON_HOLD; + case GRD_VNC_AUTH_METHOD_PASSWORD: + session_vnc->rfb_screen->passwordCheck = check_rfb_password; +@@ -501,7 +515,7 @@ check_rfb_password (rfbClientPtr rfb_client, + if (memcmp (challenge_encrypted, response_encrypted, len) == 0) + { + grd_session_start (GRD_SESSION (session_vnc)); +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); + return TRUE; + } + else +@@ -670,6 +684,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc) + g_clear_pointer (&session_vnc->source, g_source_destroy); + } + ++gboolean ++grd_session_vnc_is_paused (GrdSessionVnc *session_vnc) ++{ ++ return session_vnc->is_paused; ++} ++ ++static void ++grd_session_vnc_pause (GrdSessionVnc *session_vnc) ++{ ++ if (grd_session_vnc_is_paused (session_vnc)) ++ return; ++ ++ session_vnc->is_paused = TRUE; ++ ++ grd_session_vnc_detach_source (session_vnc); ++ g_signal_emit (session_vnc, signals[PAUSED], 0); ++} ++ ++static void ++grd_session_vnc_resume (GrdSessionVnc *session_vnc) ++{ ++ if (!grd_session_vnc_is_paused (session_vnc)) ++ return; ++ ++ session_vnc->is_paused = FALSE; ++ ++ grd_session_vnc_attach_source (session_vnc); ++ g_signal_emit (session_vnc, signals[RESUMED], 0); ++} ++ + GrdSessionVnc * + grd_session_vnc_new (GrdVncServer *vnc_server, + GSocketConnection *connection) +@@ -687,6 +731,7 @@ grd_session_vnc_new (GrdVncServer *vnc_server, + + grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func); + grd_session_vnc_attach_source (session_vnc); ++ session_vnc->is_paused = FALSE; + + init_vnc_session (session_vnc); + +@@ -716,7 +761,7 @@ grd_session_vnc_stop (GrdSession *session) + + g_clear_object (&session_vnc->pipewire_stream); + +- grd_session_vnc_detach_source (session_vnc); ++ grd_session_vnc_pause (session_vnc); + + g_clear_object (&session_vnc->connection); + g_clear_pointer (&session_vnc->rfb_screen->frameBuffer, g_free); +@@ -772,8 +817,8 @@ grd_session_vnc_stream_ready (GrdSession *session, + G_CALLBACK (on_pipwire_stream_closed), + session_vnc); + +- if (!session_vnc->source) +- grd_session_vnc_attach_source (session_vnc); ++ if (grd_session_vnc_is_paused (session_vnc)) ++ grd_session_vnc_resume (session_vnc); + } + + static void +@@ -792,4 +837,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass) + + session_class->stop = grd_session_vnc_stop; + session_class->stream_ready = grd_session_vnc_stream_ready; ++ ++ signals[PAUSED] = g_signal_new ("paused", ++ G_TYPE_FROM_CLASS (klass), ++ G_SIGNAL_RUN_LAST, ++ 0, ++ NULL, NULL, NULL, ++ G_TYPE_NONE, 0); ++ signals[RESUMED] = g_signal_new ("resumed", ++ G_TYPE_FROM_CLASS (klass), ++ G_SIGNAL_RUN_LAST, ++ 0, ++ NULL, NULL, NULL, ++ G_TYPE_NONE, 0); + } +-- +2.23.0 + + +From b27fe979adf4910f4173370091a06b6a945f83ee Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:03:46 +0100 +Subject: [PATCH 2/4] session-vnc: Add grd_session_vnc_dispatch() helper + +To be used by the TLS channel security to dispatch when there is data +available that is not visible to the socket source. +--- + src/grd-session-vnc.c | 26 ++++++++++++++++---------- + src/grd-session-vnc.h | 2 ++ + 2 files changed, 18 insertions(+), 10 deletions(-) + +diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c +index 6be8330..c5f83d8 100644 +--- a/src/grd-session-vnc.c ++++ b/src/grd-session-vnc.c +@@ -624,6 +624,21 @@ vnc_socket_grab_func (GrdSessionVnc *session_vnc, + return TRUE; + } + ++void ++grd_session_vnc_dispatch (GrdSessionVnc *session_vnc) ++{ ++ GrdVncSocketGrabFunc grab_func; ++ g_autoptr (GError) error = NULL; ++ ++ grab_func = g_list_first (session_vnc->socket_grabs)->data; ++ if (!grab_func (session_vnc, &error)) ++ { ++ g_warning ("Error when reading socket: %s", error->message); ++ ++ grd_session_stop (GRD_SESSION (session_vnc)); ++ } ++} ++ + static gboolean + handle_socket_data (GSocket *socket, + GIOCondition condition, +@@ -640,16 +655,7 @@ handle_socket_data (GSocket *socket, + } + else if (condition & G_IO_IN) + { +- GrdVncSocketGrabFunc grab_func; +- g_autoptr (GError) error = NULL; +- +- grab_func = g_list_first (session_vnc->socket_grabs)->data; +- if (!grab_func (session_vnc, &error)) +- { +- g_warning ("Error when reading socket: %s", error->message); +- +- grd_session_stop (session); +- } ++ grd_session_vnc_dispatch (session_vnc); + } + else + { +diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h +index 789693e..e699d64 100644 +--- a/src/grd-session-vnc.h ++++ b/src/grd-session-vnc.h +@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc, + void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc, + GrdVncSocketGrabFunc grab_func); + ++void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc); ++ + GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc); + + #endif /* GRD_SESSION_VNC_H */ +-- +2.23.0 + + +From bb4e67869e9226c7e10907d59fee3247b3a7fa8c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:05:13 +0100 +Subject: [PATCH 3/4] vnc/tls: Add some logging + +Uses the log utility from libvncserver as it is related to the RFB +protocol rather than the session itself. +--- + src/grd-vnc-tls.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c +index 8fc0fc2..fb24b34 100644 +--- a/src/grd-vnc-tls.c ++++ b/src/grd-vnc-tls.c +@@ -67,6 +67,7 @@ grd_vnc_tls_context_new (void) + + tls_context = g_new0 (GrdVncTlsContext, 1); + ++ rfbLog ("TLS: Initializing gnutls context\n"); + gnutls_global_init (); + + gnutls_anon_allocate_server_credentials (&tls_context->anon_credentials); +@@ -127,6 +128,7 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session, + ret = gnutls_handshake (tls_session->tls_session); + if (ret != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal (ret)) + { ++ rfbLog ("TLS: More handshake pending\n"); + tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_DURING; + return TRUE; + } +@@ -140,6 +142,8 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session, + return FALSE; + } + ++ rfbLog ("TLS: Handshake finished"); ++ + tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_FINISHED; + return TRUE; + } +@@ -373,6 +377,7 @@ perform_handshake (GrdSessionVnc *session_vnc, + break; + case GRD_TLS_HANDSHAKE_STATE_FINISHED: + grd_session_vnc_ungrab_socket (session_vnc, tls_handshake_grab_func); ++ rfbLog ("TLS: Sending post-channel security security list\n"); + rfbSendSecurityTypeList (grd_session_vnc_get_rfb_client (session_vnc), + RFB_SECURITY_TAG_CHANNEL); + break; +@@ -387,6 +392,7 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc, + { + g_autoptr (GError) handshake_error = NULL; + ++ rfbLog ("TLS: Continuing handshake\n"); + if (!perform_handshake (session_vnc, &handshake_error)) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, +@@ -404,6 +410,8 @@ rfb_tls_security_handler (rfbClientPtr rfb_client) + GrdVncTlsSession *tls_session; + g_autoptr(GError) error = NULL; + ++ rfbLog ("TLS: Setting up rfbClient for gnutls encrypted traffic\n"); ++ + tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc); + if (!tls_session) + { +@@ -424,6 +432,7 @@ rfb_tls_security_handler (rfbClientPtr rfb_client) + grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func); + } + ++ rfbLog ("TLS: Performing handshake\n"); + if (!perform_handshake (session_vnc, &error)) + { + g_warning ("TLS handshake failed: %s", error->message); +-- +2.23.0 + + +From 707425d19861295bb64e5558d1f81175d0327429 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Wed, 27 Nov 2019 11:07:40 +0100 +Subject: [PATCH 4/4] vnc/tls: Dispatch also when data is pending outside of + the socket + +gnutls may have data available in its buffers, and we have our own peek +buffer temporarly storing data later to be processed. This would missed +by the socket source, as it wouldn't get any notification about it from +epoll(). Deal with this by adding a custom source that dispatches as +long as there is data to read in those buffers. +--- + src/grd-session-vnc.h | 2 + + src/grd-vnc-tls.c | 92 ++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 88 insertions(+), 6 deletions(-) + +diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h +index e699d64..5a74b5f 100644 +--- a/src/grd-session-vnc.h ++++ b/src/grd-session-vnc.h +@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc, + void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc, + GrdVncSocketGrabFunc grab_func); + ++gboolean grd_session_vnc_is_paused (GrdSessionVnc *session_vnc); ++ + void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc); + + GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc); +diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c +index fb24b34..815b40b 100644 +--- a/src/grd-vnc-tls.c ++++ b/src/grd-vnc-tls.c +@@ -41,6 +41,12 @@ typedef enum _GrdTlsHandshakeState + GRD_TLS_HANDSHAKE_STATE_FINISHED + } GrdTlsHandshakeState; + ++typedef struct _PeekBufferSource ++{ ++ GSource parent; ++ GrdSessionVnc *session_vnc; ++} PeekBufferSource; ++ + typedef struct _GrdVncTlsSession + { + GrdVncTlsContext *tls_context; +@@ -53,6 +59,8 @@ typedef struct _GrdVncTlsSession + char *peek_buffer; + int peek_buffer_size; + int peek_buffer_len; ++ ++ GSource *peek_buffer_source; + } GrdVncTlsSession; + + static gboolean +@@ -296,16 +304,14 @@ grd_vnc_tls_peek_at_socket (rfbClientPtr rfb_client, + peekable_len = MIN (len, tls_session->peek_buffer_len); + memcpy (buf, tls_session->peek_buffer, peekable_len); + ++ fprintf(stderr, ":::: %s:%d %s() - peeked %d bytes, can peek %d bytes\n", __FILE__, __LINE__, __func__, ++ peekable_len, tls_session->peek_buffer_len); + return peekable_len; + } + +-static rfbBool +-grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client) ++static gboolean ++grd_vnc_tls_session_has_pending_data (GrdVncTlsSession *tls_session) + { +- GrdSessionVnc *session_vnc = rfb_client->screen->screenData; +- GrdVncTlsSession *tls_session = +- grd_vnc_tls_session_from_vnc_session (session_vnc); +- + if (tls_session->peek_buffer_len > 0) + return TRUE; + +@@ -315,6 +321,16 @@ grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client) + return FALSE; + } + ++static rfbBool ++grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client) ++{ ++ GrdSessionVnc *session_vnc = rfb_client->screen->screenData; ++ GrdVncTlsSession *tls_session = ++ grd_vnc_tls_session_from_vnc_session (session_vnc); ++ ++ return grd_vnc_tls_session_has_pending_data (tls_session); ++} ++ + static int + grd_vnc_tls_write_to_socket (rfbClientPtr rfb_client, + const char *buf, +@@ -403,6 +419,62 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc, + return TRUE; + } + ++static gboolean ++peek_buffer_source_prepare (GSource *source, ++ int *timeout) ++{ ++ PeekBufferSource *psource = (PeekBufferSource *) source; ++ GrdSessionVnc *session_vnc = psource->session_vnc; ++ GrdVncTlsSession *tls_session = ++ grd_vnc_tls_session_from_vnc_session (session_vnc); ++ ++ return grd_vnc_tls_session_has_pending_data (tls_session); ++} ++ ++static gboolean ++peek_buffer_source_dispatch (GSource *source, ++ GSourceFunc callback, ++ gpointer user_data) ++{ ++ PeekBufferSource *psource = (PeekBufferSource *) source; ++ GrdSessionVnc *session_vnc = psource->session_vnc; ++ ++ grd_session_vnc_dispatch (session_vnc); ++ ++ return G_SOURCE_CONTINUE; ++} ++ ++static GSourceFuncs peek_buffer_source_funcs = { ++ .prepare = peek_buffer_source_prepare, ++ .dispatch = peek_buffer_source_dispatch, ++}; ++ ++static void ++attach_peek_buffer_source (GrdSessionVnc *session_vnc) ++{ ++ GrdVncTlsSession *tls_session; ++ ++ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc); ++ tls_session->peek_buffer_source = g_source_new (&peek_buffer_source_funcs, ++ sizeof (PeekBufferSource)); ++ ((PeekBufferSource *) tls_session->peek_buffer_source)->session_vnc = ++ session_vnc; ++ g_source_set_priority (tls_session->peek_buffer_source, ++ G_PRIORITY_DEFAULT + 1); ++ ++ g_source_attach (tls_session->peek_buffer_source, NULL); ++} ++ ++static void ++detach_peek_buffer_source (GrdSessionVnc *session_vnc) ++{ ++ GrdVncTlsSession *tls_session; ++ ++ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc); ++ ++ g_clear_pointer (&tls_session->peek_buffer_source, g_source_destroy); ++} ++ + static void + rfb_tls_security_handler (rfbClientPtr rfb_client) + { +@@ -429,6 +501,14 @@ rfb_tls_security_handler (rfbClientPtr rfb_client) + rfb_client->hasPendingOnSocket = grd_vnc_tls_has_pending_on_socket; + rfb_client->writeToSocket = grd_vnc_tls_write_to_socket; + ++ if (!grd_session_vnc_is_paused (session_vnc)) ++ attach_peek_buffer_source (session_vnc); ++ ++ g_signal_connect (session_vnc, "paused", ++ G_CALLBACK (detach_peek_buffer_source), NULL); ++ g_signal_connect (session_vnc, "resumed", ++ G_CALLBACK (attach_peek_buffer_source), NULL); ++ + grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func); + } + +-- +2.23.0 + diff --git a/SPECS/gnome-remote-desktop.spec b/SPECS/gnome-remote-desktop.spec index 67ea66e..1ac93d3 100644 --- a/SPECS/gnome-remote-desktop.spec +++ b/SPECS/gnome-remote-desktop.spec @@ -2,7 +2,7 @@ Name: gnome-remote-desktop Version: 0.1.6 -Release: 5%{?dist} +Release: 8%{?dist} Summary: GNOME Remote Desktop screen share service License: GPLv2+ @@ -25,6 +25,12 @@ Patch4: rhel8.0.0-backports.patch # Backport password override, for testing (rhbz#1713330) Patch5: 0001-vnc-Allow-overriding-password-with-env-var.patch +# Fix initial black content issue (rhbz#1765448) +Patch6: fix-initial-black-screen.patch + +# Handle auth settings changes (rhbz#1684729) +Patch7: 0001-vnc-Unregister-previously-set-security-handlers-on-i.patch + BuildRequires: git BuildRequires: gcc BuildRequires: meson >= 0.36.0 @@ -83,6 +89,18 @@ GNOME desktop environment. %changelog +* Wed Nov 27 2019 Jonas Ådahl - 0.1.6-8 +- Update patch to handle older libvncserver at build time + Resolves: #1684729 + +* Wed Nov 27 2019 Jonas Ådahl - 0.1.6-7 +- Handle auth settings changes + Resolves: #1684729 + +* Wed Nov 27 2019 Jonas Ådahl - 0.1.6-6 +- Fix initial black content issue + Resolves: #1765448 + * Thu May 30 2019 Tomáš Popela - 0.1.6-5 - Bump the version to make gating happy - that's bug 1681618 - Resolves: rhbz#1713330