Update to 1.8

Jonas Ådahl 2020-03-20 09:51:26 +01:00
parent dd5f15587e
commit 5ab1cdde93
3 changed files with 594 additions and 42 deletions


@ -1,7 +1,7 @@
From 0a6f8835480a1bdb57b77a471bda9993acb8e0b9 Mon Sep 17 00:00:00 2001
From f431e71d2a40db2fcfc8f88ba5899b4b938b4c2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Thu, 14 Jun 2018 12:21:37 +0200
Subject: [PATCH] vnc: Add anonymous TLS encryption support
Subject: [PATCH 1/6] vnc: Add anonymous TLS encryption support
Add support for encrypting the VNC connection using anonymous TLS. In
effect this means that the channel is encrypted using TLS but that no
@ -13,23 +13,23 @@ VNC connection.
src/grd-enums.h | 6 +
src/grd-session-vnc.c | 98 +++-
src/grd-session-vnc.h | 15 +
src/grd-settings.c | 27 ++
src/grd-settings.c | 28 ++
src/grd-settings.h | 2 +
src/grd-vnc-server.c | 45 ++
src/grd-vnc-tls.c | 444 ++++++++++++++++++
src/grd-vnc-tls.h | 28 ++
src/meson.build | 5 +-
...g.gnome.desktop.remote-desktop.gschema.xml | 10 +
11 files changed, 665 insertions(+), 16 deletions(-)
...nome.desktop.remote-desktop.gschema.xml.in | 10 +
11 files changed, 666 insertions(+), 16 deletions(-)
create mode 100644 src/grd-vnc-tls.c
create mode 100644 src/grd-vnc-tls.h
diff --git a/meson.build b/meson.build
index 86730f1..f1d10a6 100644
index 516656e..db77711 100644
--- a/meson.build
+++ b/meson.build
@@ -14,6 +14,7 @@ systemd_dep = dependency('systemd')
libvncserver_dep = dependency('libvncserver')
@@ -15,6 +15,7 @@ libvncserver_dep = dependency('libvncserver')
libvncclient_dep = dependency('libvncclient')
libsecret_dep = dependency('libsecret-1')
libnotify_dep = dependency('libnotify')
+gnutls_dep = dependency('gnutls')
@ -52,7 +52,7 @@ index ffab821..4333863 100644
+
#endif /* GRD_ENUMS_H */
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 589ba4b..1990576 100644
index 4cdc379..6d489cc 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -44,7 +44,9 @@ struct _GrdSessionVnc
@ -96,7 +96,7 @@ index 589ba4b..1990576 100644
static void
init_vnc_session (GrdSessionVnc *session_vnc)
{
@@ -553,33 +573,74 @@ init_vnc_session (GrdSessionVnc *session_vnc)
@@ -554,33 +574,74 @@ init_vnc_session (GrdSessionVnc *session_vnc)
rfbProcessEvents (rfb_screen, 0);
}
@ -185,7 +185,7 @@ index 589ba4b..1990576 100644
}
return G_SOURCE_CONTINUE;
@@ -592,7 +653,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc)
@@ -593,7 +654,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc)
socket = g_socket_connection_get_socket (session_vnc->connection);
session_vnc->source = g_socket_create_source (socket,
@ -197,7 +197,7 @@ index 589ba4b..1990576 100644
NULL);
g_source_set_callback (session_vnc->source,
(GSourceFunc) handle_socket_data,
@@ -618,8 +682,10 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
@@ -619,8 +683,10 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
"context", context,
NULL);
@ -208,7 +208,7 @@ index 589ba4b..1990576 100644
grd_session_vnc_attach_source (session_vnc);
init_vnc_session (session_vnc);
@@ -634,6 +700,8 @@ grd_session_vnc_dispose (GObject *object)
@@ -635,6 +701,8 @@ grd_session_vnc_dispose (GObject *object)
g_assert (!session_vnc->rfb_screen);
@ -251,18 +251,18 @@ index 25919b6..e0601c3 100644
+
#endif /* GRD_SESSION_VNC_H */
diff --git a/src/grd-settings.c b/src/grd-settings.c
index a3a2afa..c886b7e 100644
index bdf8211..7324310 100644
--- a/src/grd-settings.c
+++ b/src/grd-settings.c
@@ -46,6 +46,7 @@ struct _GrdSettings
GSettings *settings;
@@ -48,6 +48,7 @@ struct _GrdSettings
gboolean view_only;
GrdVncAuthMethod auth_method;
int port;
+ GrdVncEncryption encryption;
} vnc;
};
@@ -87,6 +88,12 @@ grd_settings_get_vnc_auth_method (GrdSettings *settings)
@@ -120,6 +121,12 @@ grd_settings_get_vnc_auth_method (GrdSettings *settings)
return settings->vnc.auth_method;
}
@ -275,7 +275,7 @@ index a3a2afa..c886b7e 100644
static void
update_vnc_view_only (GrdSettings *settings)
{
@@ -101,6 +108,13 @@ update_vnc_auth_method (GrdSettings *settings)
@@ -134,6 +141,13 @@ update_vnc_auth_method (GrdSettings *settings)
"auth-method");
}
@ -289,7 +289,7 @@ index a3a2afa..c886b7e 100644
static void
on_vnc_settings_changed (GSettings *vnc_settings,
const char *key,
@@ -116,6 +130,11 @@ on_vnc_settings_changed (GSettings *vnc_settings,
@@ -149,6 +163,11 @@ on_vnc_settings_changed (GSettings *vnc_settings,
update_vnc_auth_method (settings);
g_signal_emit (settings, signals[VNC_AUTH_METHOD_CHANGED], 0);
}
@ -301,15 +301,16 @@ index a3a2afa..c886b7e 100644
}
static void
@@ -137,6 +156,7 @@ grd_settings_init (GrdSettings *settings)
update_vnc_view_only (settings);
@@ -172,6 +191,8 @@ grd_settings_init (GrdSettings *settings)
update_vnc_auth_method (settings);
settings->vnc.port = GRD_VNC_SERVER_PORT;
+
+ update_vnc_encryption (settings);
}
static void
@@ -160,4 +180,11 @@ grd_settings_class_init (GrdSettingsClass *klass)
@@ -195,4 +216,11 @@ grd_settings_class_init (GrdSettingsClass *klass)
0,
NULL, NULL, NULL,
G_TYPE_NONE, 0);
@ -322,10 +323,10 @@ index a3a2afa..c886b7e 100644
+ G_TYPE_NONE, 0);
}
diff --git a/src/grd-settings.h b/src/grd-settings.h
index 9b23b09..4bca403 100644
index e4e0c09..0575ec1 100644
--- a/src/grd-settings.h
+++ b/src/grd-settings.h
@@ -40,4 +40,6 @@ gboolean grd_settings_get_vnc_view_only (GrdSettings *settings);
@@ -45,4 +45,6 @@ gboolean grd_settings_get_vnc_view_only (GrdSettings *settings);
GrdVncAuthMethod grd_settings_get_vnc_auth_method (GrdSettings *settings);
@ -333,7 +334,7 @@ index 9b23b09..4bca403 100644
+
#endif /* GRD_SETTINGS_H */
diff --git a/src/grd-vnc-server.c b/src/grd-vnc-server.c
index a8fed02..769b7ec 100644
index a6d95cb..f9c68db 100644
--- a/src/grd-vnc-server.c
+++ b/src/grd-vnc-server.c
@@ -24,11 +24,13 @@
@ -348,9 +349,9 @@ index a8fed02..769b7ec 100644
#include "grd-session-vnc.h"
+#include "grd-vnc-tls.h"
#define GRD_VNC_SERVER_PORT 5900
@@ -131,6 +133,43 @@ on_incoming (GSocketService *service,
enum
@@ -130,6 +132,43 @@ on_incoming (GSocketService *service,
return TRUE;
}
@ -394,7 +395,7 @@ index a8fed02..769b7ec 100644
gboolean
grd_vnc_server_start (GrdVncServer *vnc_server,
GError **error)
@@ -219,12 +258,18 @@ static void
@@ -220,12 +259,18 @@ static void
grd_vnc_server_constructed (GObject *object)
{
GrdVncServer *vnc_server = GRD_VNC_SERVER (object);
@ -898,7 +899,7 @@ index 0000000..135ef8c
+
+#endif /* GRD_VNC_TLS_H */
diff --git a/src/meson.build b/src/meson.build
index e6ba615..31c7221 100644
index 0f76fab..9d2f1ce 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -21,6 +21,8 @@ daemon_sources = files([
@ -920,10 +921,10 @@ index e6ba615..31c7221 100644
include_directories: [configinc],
install: true,
install_dir: libexecdir)
diff --git a/src/org.gnome.desktop.remote-desktop.gschema.xml b/src/org.gnome.desktop.remote-desktop.gschema.xml
diff --git a/src/org.gnome.desktop.remote-desktop.gschema.xml.in b/src/org.gnome.desktop.remote-desktop.gschema.xml.in
index a5c2022..846e65b 100644
--- a/src/org.gnome.desktop.remote-desktop.gschema.xml
+++ b/src/org.gnome.desktop.remote-desktop.gschema.xml
--- a/src/org.gnome.desktop.remote-desktop.gschema.xml.in
+++ b/src/org.gnome.desktop.remote-desktop.gschema.xml.in
@@ -23,5 +23,15 @@
* password - by requiring the remote client to provide a known password
</description>
@ -941,5 +942,553 @@ index a5c2022..846e65b 100644
</schema>
</schemalist>
--
2.20.1
2.25.1
From 73c96bb84856362e2446645533bfff8af2e90529 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:02:09 +0100
Subject: [PATCH 2/6] session-vnc: Add paused/resumed signals
Paused is when the socket sourec is detached, and resumed when attached.
Meant to be used by the TLS channel security to a attach/detach
out-of-socket source.
---
src/grd-session-vnc.c | 72 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 65 insertions(+), 7 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 6d489cc..afe5889 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -40,14 +40,27 @@
#define BGRX_SAMPLES_PER_PIXEL 3
#define BGRX_BYTES_PER_PIXEL 4
+enum
+{
+ PAUSED,
+ RESUMED,
+
+ N_SIGNALS
+};
+
+static guint signals[N_SIGNALS];
+
struct _GrdSessionVnc
{
GrdSession parent;
GrdVncServer *vnc_server;
GSocketConnection *connection;
+
GList *socket_grabs;
GSource *source;
+ gboolean is_paused;
+
rfbScreenInfoPtr rfb_screen;
rfbClientPtr rfb_client;
@@ -73,7 +86,7 @@ struct _GrdSessionVnc
G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION);
static void
-grd_session_vnc_detach_source (GrdSessionVnc *session_vnc);
+grd_session_vnc_pause (GrdSessionVnc *session_vnc);
static gboolean
close_session_idle (gpointer user_data);
@@ -215,7 +228,8 @@ handle_client_gone (rfbClientPtr rfb_client)
g_debug ("VNC client gone");
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
+
maybe_queue_close_session_idle (session_vnc);
}
@@ -283,7 +297,7 @@ handle_new_client (rfbClientPtr rfb_client)
session_vnc->prompt_cancellable,
prompt_response_callback,
session_vnc);
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
return RFB_CLIENT_ON_HOLD;
case GRD_VNC_AUTH_METHOD_PASSWORD:
session_vnc->rfb_screen->passwordCheck = check_rfb_password;
@@ -501,7 +515,7 @@ check_rfb_password (rfbClientPtr rfb_client,
if (memcmp (challenge_encrypted, response_encrypted, len) == 0)
{
grd_session_start (GRD_SESSION (session_vnc));
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
return TRUE;
}
else
@@ -671,6 +685,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc)
g_clear_pointer (&session_vnc->source, g_source_destroy);
}
+gboolean
+grd_session_vnc_is_paused (GrdSessionVnc *session_vnc)
+{
+ return session_vnc->is_paused;
+}
+
+static void
+grd_session_vnc_pause (GrdSessionVnc *session_vnc)
+{
+ if (grd_session_vnc_is_paused (session_vnc))
+ return;
+
+ session_vnc->is_paused = TRUE;
+
+ grd_session_vnc_detach_source (session_vnc);
+ g_signal_emit (session_vnc, signals[PAUSED], 0);
+}
+
+static void
+grd_session_vnc_resume (GrdSessionVnc *session_vnc)
+{
+ if (!grd_session_vnc_is_paused (session_vnc))
+ return;
+
+ session_vnc->is_paused = FALSE;
+
+ grd_session_vnc_attach_source (session_vnc);
+ g_signal_emit (session_vnc, signals[RESUMED], 0);
+}
+
GrdSessionVnc *
grd_session_vnc_new (GrdVncServer *vnc_server,
GSocketConnection *connection)
@@ -688,6 +732,7 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func);
grd_session_vnc_attach_source (session_vnc);
+ session_vnc->is_paused = FALSE;
init_vnc_session (session_vnc);
@@ -717,7 +762,7 @@ grd_session_vnc_stop (GrdSession *session)
g_clear_object (&session_vnc->pipewire_stream);
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
g_clear_object (&session_vnc->connection);
g_clear_pointer (&session_vnc->rfb_screen->frameBuffer, g_free);
@@ -773,8 +818,8 @@ grd_session_vnc_stream_ready (GrdSession *session,
G_CALLBACK (on_pipwire_stream_closed),
session_vnc);
- if (!session_vnc->source)
- grd_session_vnc_attach_source (session_vnc);
+ if (grd_session_vnc_is_paused (session_vnc))
+ grd_session_vnc_resume (session_vnc);
}
static void
@@ -793,4 +838,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass)
session_class->stop = grd_session_vnc_stop;
session_class->stream_ready = grd_session_vnc_stream_ready;
+
+ signals[PAUSED] = g_signal_new ("paused",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+ signals[RESUMED] = g_signal_new ("resumed",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
}
--
2.25.1
From fd139827f668c3fadf61a90b47c1b01a95ba0503 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:03:46 +0100
Subject: [PATCH 3/6] session-vnc: Add grd_session_vnc_dispatch() helper
To be used by the TLS channel security to dispatch when there is data
available that is not visible to the socket source.
---
src/grd-session-vnc.c | 26 ++++++++++++++++----------
src/grd-session-vnc.h | 2 ++
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index afe5889..e26f145 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -625,6 +625,21 @@ vnc_socket_grab_func (GrdSessionVnc *session_vnc,
return TRUE;
}
+void
+grd_session_vnc_dispatch (GrdSessionVnc *session_vnc)
+{
+ GrdVncSocketGrabFunc grab_func;
+ g_autoptr (GError) error = NULL;
+
+ grab_func = g_list_first (session_vnc->socket_grabs)->data;
+ if (!grab_func (session_vnc, &error))
+ {
+ g_warning ("Error when reading socket: %s", error->message);
+
+ grd_session_stop (GRD_SESSION (session_vnc));
+ }
+}
+
static gboolean
handle_socket_data (GSocket *socket,
GIOCondition condition,
@@ -641,16 +656,7 @@ handle_socket_data (GSocket *socket,
}
else if (condition & G_IO_IN)
{
- GrdVncSocketGrabFunc grab_func;
- g_autoptr (GError) error = NULL;
-
- grab_func = g_list_first (session_vnc->socket_grabs)->data;
- if (!grab_func (session_vnc, &error))
- {
- g_warning ("Error when reading socket: %s", error->message);
-
- grd_session_stop (session);
- }
+ grd_session_vnc_dispatch (session_vnc);
}
else
{
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index e0601c3..5caa9f4 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc,
GrdVncSocketGrabFunc grab_func);
+void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc);
+
GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
#endif /* GRD_SESSION_VNC_H */
--
2.25.1
From 7bdf190a3a69cecfe8027ee499b5029cfb12f3da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:05:13 +0100
Subject: [PATCH 4/6] vnc/tls: Add some logging
Uses the log utility from libvncserver as it is related to the RFB
protocol rather than the session itself.
---
src/grd-vnc-tls.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
index ec4758e..ac6c35f 100644
--- a/src/grd-vnc-tls.c
+++ b/src/grd-vnc-tls.c
@@ -67,6 +67,7 @@ grd_vnc_tls_context_new (void)
tls_context = g_new0 (GrdVncTlsContext, 1);
+ rfbLog ("TLS: Initializing gnutls context\n");
gnutls_global_init ();
gnutls_anon_allocate_server_credentials (&tls_context->anon_credentials);
@@ -127,6 +128,7 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session,
ret = gnutls_handshake (tls_session->tls_session);
if (ret != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal (ret))
{
+ rfbLog ("TLS: More handshake pending\n");
tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_DURING;
return TRUE;
}
@@ -140,6 +142,8 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session,
return FALSE;
}
+ rfbLog ("TLS: Handshake finished");
+
tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_FINISHED;
return TRUE;
}
@@ -373,6 +377,7 @@ perform_handshake (GrdSessionVnc *session_vnc,
break;
case GRD_TLS_HANDSHAKE_STATE_FINISHED:
grd_session_vnc_ungrab_socket (session_vnc, tls_handshake_grab_func);
+ rfbLog ("TLS: Sending post-channel security security list\n");
rfbSendSecurityTypeList (grd_session_vnc_get_rfb_client (session_vnc),
RFB_SECURITY_TAG_CHANNEL);
break;
@@ -387,6 +392,7 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc,
{
g_autoptr (GError) handshake_error = NULL;
+ rfbLog ("TLS: Continuing handshake\n");
if (!perform_handshake (session_vnc, &handshake_error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
@@ -404,6 +410,8 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
GrdVncTlsSession *tls_session;
g_autoptr(GError) error = NULL;
+ rfbLog ("TLS: Setting up rfbClient for gnutls encrypted traffic\n");
+
tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
if (!tls_session)
{
@@ -424,6 +432,7 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func);
}
+ rfbLog ("TLS: Performing handshake\n");
if (!perform_handshake (session_vnc, &error))
{
g_warning ("TLS handshake failed: %s", error->message);
--
2.25.1
From 15a28c9f383b260e9b1cef37a663bff7d2efa255 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:07:40 +0100
Subject: [PATCH 5/6] vnc/tls: Dispatch also when data is pending outside of
the socket
gnutls may have data available in its buffers, and we have our own peek
buffer temporarly storing data later to be processed. This would missed
by the socket source, as it wouldn't get any notification about it from
epoll(). Deal with this by adding a custom source that dispatches as
long as there is data to read in those buffers.
---
src/grd-session-vnc.h | 2 +
src/grd-vnc-tls.c | 92 ++++++++++++++++++++++++++++++++++++++++---
2 files changed, 88 insertions(+), 6 deletions(-)
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index 5caa9f4..db1c7f3 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -68,6 +68,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc,
GrdVncSocketGrabFunc grab_func);
+gboolean grd_session_vnc_is_paused (GrdSessionVnc *session_vnc);
+
void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc);
GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
index ac6c35f..8f65225 100644
--- a/src/grd-vnc-tls.c
+++ b/src/grd-vnc-tls.c
@@ -41,6 +41,12 @@ typedef enum _GrdTlsHandshakeState
GRD_TLS_HANDSHAKE_STATE_FINISHED
} GrdTlsHandshakeState;
+typedef struct _PeekBufferSource
+{
+ GSource parent;
+ GrdSessionVnc *session_vnc;
+} PeekBufferSource;
+
typedef struct _GrdVncTlsSession
{
GrdVncTlsContext *tls_context;
@@ -53,6 +59,8 @@ typedef struct _GrdVncTlsSession
char *peek_buffer;
int peek_buffer_size;
int peek_buffer_len;
+
+ GSource *peek_buffer_source;
} GrdVncTlsSession;
static gboolean
@@ -296,16 +304,14 @@ grd_vnc_tls_peek_at_socket (rfbClientPtr rfb_client,
peekable_len = MIN (len, tls_session->peek_buffer_len);
memcpy (buf, tls_session->peek_buffer, peekable_len);
+ fprintf(stderr, ":::: %s:%d %s() - peeked %d bytes, can peek %d bytes\n", __FILE__, __LINE__, __func__,
+ peekable_len, tls_session->peek_buffer_len);
return peekable_len;
}
-static rfbBool
-grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
+static gboolean
+grd_vnc_tls_session_has_pending_data (GrdVncTlsSession *tls_session)
{
- GrdSessionVnc *session_vnc = rfb_client->screen->screenData;
- GrdVncTlsSession *tls_session =
- grd_vnc_tls_session_from_vnc_session (session_vnc);
-
if (tls_session->peek_buffer_len > 0)
return TRUE;
@@ -315,6 +321,16 @@ grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
return FALSE;
}
+static rfbBool
+grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
+{
+ GrdSessionVnc *session_vnc = rfb_client->screen->screenData;
+ GrdVncTlsSession *tls_session =
+ grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ return grd_vnc_tls_session_has_pending_data (tls_session);
+}
+
static int
grd_vnc_tls_write_to_socket (rfbClientPtr rfb_client,
const char *buf,
@@ -403,6 +419,62 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc,
return TRUE;
}
+static gboolean
+peek_buffer_source_prepare (GSource *source,
+ int *timeout)
+{
+ PeekBufferSource *psource = (PeekBufferSource *) source;
+ GrdSessionVnc *session_vnc = psource->session_vnc;
+ GrdVncTlsSession *tls_session =
+ grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ return grd_vnc_tls_session_has_pending_data (tls_session);
+}
+
+static gboolean
+peek_buffer_source_dispatch (GSource *source,
+ GSourceFunc callback,
+ gpointer user_data)
+{
+ PeekBufferSource *psource = (PeekBufferSource *) source;
+ GrdSessionVnc *session_vnc = psource->session_vnc;
+
+ grd_session_vnc_dispatch (session_vnc);
+
+ return G_SOURCE_CONTINUE;
+}
+
+static GSourceFuncs peek_buffer_source_funcs = {
+ .prepare = peek_buffer_source_prepare,
+ .dispatch = peek_buffer_source_dispatch,
+};
+
+static void
+attach_peek_buffer_source (GrdSessionVnc *session_vnc)
+{
+ GrdVncTlsSession *tls_session;
+
+ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
+ tls_session->peek_buffer_source = g_source_new (&peek_buffer_source_funcs,
+ sizeof (PeekBufferSource));
+ ((PeekBufferSource *) tls_session->peek_buffer_source)->session_vnc =
+ session_vnc;
+ g_source_set_priority (tls_session->peek_buffer_source,
+ G_PRIORITY_DEFAULT + 1);
+
+ g_source_attach (tls_session->peek_buffer_source, NULL);
+}
+
+static void
+detach_peek_buffer_source (GrdSessionVnc *session_vnc)
+{
+ GrdVncTlsSession *tls_session;
+
+ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ g_clear_pointer (&tls_session->peek_buffer_source, g_source_destroy);
+}
+
static void
rfb_tls_security_handler (rfbClientPtr rfb_client)
{
@@ -429,6 +501,14 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
rfb_client->hasPendingOnSocket = grd_vnc_tls_has_pending_on_socket;
rfb_client->writeToSocket = grd_vnc_tls_write_to_socket;
+ if (!grd_session_vnc_is_paused (session_vnc))
+ attach_peek_buffer_source (session_vnc);
+
+ g_signal_connect (session_vnc, "paused",
+ G_CALLBACK (detach_peek_buffer_source), NULL);
+ g_signal_connect (session_vnc, "resumed",
+ G_CALLBACK (attach_peek_buffer_source), NULL);
+
grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func);
}
--
2.25.1
From a85de2328db0a0d3412f13a5c9f3a0c2676b6239 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 16:48:00 +0100
Subject: [PATCH 6/6] session-vnc: Set our own password handling function up
front
libvncserver decides whether to register a auth security handler
depending on whether the password data is set or not. When we use the
prompt auth method, we don't want to ask for password, so set the
password data to NULL.
Also, to be a bit more in control of the password mechanism, always set
the password function up front, instead of just when the client uses the
password prompt.
---
src/grd-session-vnc.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index e26f145..740e68c 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -91,11 +91,6 @@ grd_session_vnc_pause (GrdSessionVnc *session_vnc);
static gboolean
close_session_idle (gpointer user_data);
-static rfbBool
-check_rfb_password (rfbClientPtr rfb_client,
- const char *response_encrypted,
- int len);
-
static void
swap_uint8 (uint8_t *a,
uint8_t *b)
@@ -300,7 +295,6 @@ handle_new_client (rfbClientPtr rfb_client)
grd_session_vnc_pause (session_vnc);
return RFB_CLIENT_ON_HOLD;
case GRD_VNC_AUTH_METHOD_PASSWORD:
- session_vnc->rfb_screen->passwordCheck = check_rfb_password;
/*
* authPasswdData needs to be non NULL in libvncserver to trigger
* password authentication.
@@ -584,6 +578,8 @@ init_vnc_session (GrdSessionVnc *session_vnc)
rfb_screen->frameBuffer = g_malloc0 (screen_width * screen_height * 4);
memset (rfb_screen->frameBuffer, 0x1f, screen_width * screen_height * 4);
+ rfb_screen->passwordCheck = check_rfb_password;
+
rfbInitServer (rfb_screen);
rfbProcessEvents (rfb_screen, 0);
}
--
2.25.1
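Review bot: The `fprintf(stderr, ":::: %s:%d %s() - peeked %d bytes, can peek %d bytes\n", ...)` call that patch 5/6 adds to grd_vnc_tls_peek_at_socket() looks like leftover debugging and should not ship in the packaged patch. It writes a line to stderr on every peek of the TLS read path, and that path appears to be installed by rfb_tls_security_handler() before the security-type list is sent, so a peer that has not authenticated yet can drive the daemon's log volume. It also bypasses the rfbLog()/g_warning() channels that the rest of grd-vnc-tls.c uses, so it cannot be filtered with them. Drop the two lines, or keep the trace opt-in with `g_debug ("TLS: peeked %d bytes, %d buffered", peekable_len, tls_session->peek_buffer_len);`. The body of grd_vnc_tls_peek_at_socket() starts outside the hunk, so the buffer handling before the memcpy is not visible here.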


@ -1,16 +1,16 @@
%global systemd_unit gnome-remote-desktop.service
Name: gnome-remote-desktop
Version: 0.1.7
Release: 3%{?dist}
Version: 0.1.8
Release: 1%{?dist}
Summary: GNOME Remote Desktop screen share service
License: GPLv2+
URL: https://gitlab.gnome.org/jadahl/gnome-remote-desktop
Source0: https://gitlab.gnome.org/jadahl/gnome-remote-desktop/uploads/ed3e8b8ebc1a74b6f4ed7260a2739f40/gnome-remote-desktop-0.1.7.tar.xz
Source0: https://gitlab.gnome.org/jadahl/gnome-remote-desktop/uploads/6b6c139b154fbaf51075ac084c0fe14b/gnome-remote-desktop-0.1.8.tar.xz
# Adds encryption support (requires patched LibVNCServer)
Patch0: 0001-vnc-Add-anonymous-TLS-encryption-support.patch
Patch0: anon-tls-support.patch
BuildRequires: git
BuildRequires: gcc
@ -18,7 +18,7 @@ BuildRequires: meson >= 0.36.0
BuildRequires: pkgconfig
BuildRequires: pkgconfig(glib-2.0) >= 2.32
BuildRequires: pkgconfig(gio-unix-2.0) >= 2.32
BuildRequires: pkgconfig(libpipewire-0.2) >= 0.2.5
BuildRequires: pkgconfig(libpipewire-0.3) >= 0.3.0
BuildRequires: pkgconfig(libvncserver) >= 0.9.11-7
BuildRequires: pkgconfig(libsecret-1)
BuildRequires: pkgconfig(libnotify)
@ -27,7 +27,7 @@ BuildRequires: pkgconfig(gnutls)
%{?systemd_requires}
BuildRequires: systemd
Requires: pipewire >= 0.2.5
Requires: pipewire >= 0.3.0
%description
GNOME Remote Desktop is a remote desktop and screen sharing service for the
@ -69,6 +69,9 @@ GNOME desktop environment.
%changelog
* Wed Mar 11 2020 Jonas Ådahl <jadahl@redhat.com> - 0.1.8-1
- Update to 0.1.8
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild


@ -1 +1 @@
SHA512 (gnome-remote-desktop-0.1.7.tar.xz) = dd20e5e6fd724ff03d8a32319c7145f1fef4331439e52921b812f087e6b83185bf318bb2fb9758fe083ec3cfea30448b601da4ed1aba85fa892ef7fbb794b9ed
SHA512 (gnome-remote-desktop-0.1.8.tar.xz) = 83e7d9e356c7121d6d102e2f0159f3ff20d039d705dd1ffa7c582a90aa2f433aa6f0153b972f1f2a4da928f842bfb7a950e7ba4b8ff6fda1deb8cf7792114315