From 7daeac56f7fd9c15c053b868a5890c9d8ff20d09 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Tue, 29 Sep 2020 15:36:10 +0200 Subject: [PATCH] backport upstream fix allowing Tigervnc to specify boolean values in configuration Revert removal of vncserver for F32 and F33 --- tigervnc-systemd-service.patch | 47 + tigervnc-tolerate-specifying-boolparam.patch | 149 ++++ tigervnc.spec | 39 +- vncserver | 887 +++++++++++++++++++ vncserver.man | 204 +++++ 5 files changed, 1319 insertions(+), 7 deletions(-) create mode 100644 tigervnc-systemd-service.patch create mode 100644 tigervnc-tolerate-specifying-boolparam.patch create mode 100644 vncserver create mode 100644 vncserver.man diff --git a/tigervnc-systemd-service.patch b/tigervnc-systemd-service.patch new file mode 100644 index 0000000..846a34b --- /dev/null +++ b/tigervnc-systemd-service.patch @@ -0,0 +1,47 @@ +From 40f104ffe1e36df9613f8d316f616fb2b089cc86 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Tue, 29 Sep 2020 13:37:16 +0200 +Subject: [PATCH] Use /run instead of /var/run which is just a symlink + +--- + unix/vncserver/selinux/vncsession.fc | 2 +- + unix/vncserver/vncserver@.service.in | 2 +- + unix/vncserver/vncsession.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc +index 121cdd237..ae768baa4 100644 +--- a/unix/vncserver/selinux/vncsession.fc ++++ b/unix/vncserver/selinux/vncsession.fc +@@ -23,4 +23,4 @@ HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0) + /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0) + /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0) + +-/var/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0) ++/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0) +diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in +index 584ecf4b1..5624dff76 100644 +--- a/unix/vncserver/vncserver@.service.in ++++ b/unix/vncserver/vncserver@.service.in +@@ -36,7 +36,7 @@ After=syslog.target network.target + [Service] + Type=forking + ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i +-PIDFile=/var/run/vncsession-%i.pid ++PIDFile=/run/vncsession-%i.pid + SELinuxContext=system_u:system_r:vnc_session_t:s0 + + [Install] +diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c +index 3e0c98f0f..2b47f5f55 100644 +--- a/unix/vncserver/vncsession.c ++++ b/unix/vncserver/vncsession.c +@@ -543,7 +543,7 @@ main(int argc, char **argv) + } + + snprintf(pid_file, sizeof(pid_file), +- "/var/run/vncsession-%s.pid", display); ++ "/run/vncsession-%s.pid", display); + f = fopen(pid_file, "w"); + if (f == NULL) { + syslog(LOG_ERR, "Failure creating pid file \"%s\": %s", diff --git a/tigervnc-tolerate-specifying-boolparam.patch b/tigervnc-tolerate-specifying-boolparam.patch new file mode 100644 index 0000000..70ddef3 --- /dev/null +++ b/tigervnc-tolerate-specifying-boolparam.patch @@ -0,0 +1,149 @@ +From 38c6848b30cb1908171f2b4628e345fbf6727b39 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Fri, 18 Sep 2020 10:44:32 +0200 +Subject: [PATCH] Tolerate specifying -BoolParam 0 and similar + +This is needed by vncserver which doesn't know which parameters are +boolean, and it cannot use the -Param=Value form as that isn't tolerated +by the Xorg code. +--- + unix/vncserver/vncserver.in | 8 ++++---- + unix/xserver/hw/vnc/RFBGlue.cc | 16 ++++++++++++++++ + unix/xserver/hw/vnc/RFBGlue.h | 1 + + unix/xserver/hw/vnc/xvnc.c | 14 ++++++++++++++ + vncviewer/vncviewer.cxx | 20 ++++++++++++++++++++ + 5 files changed, 55 insertions(+), 4 deletions(-) + +diff --git a/unix/vncserver/vncserver.in b/unix/vncserver/vncserver.in +index 25fbbd315..261b258f1 100755 +--- a/unix/vncserver/vncserver.in ++++ b/unix/vncserver/vncserver.in +@@ -107,7 +107,7 @@ $default_opts{rfbwait} = 30000; + $default_opts{rfbauth} = "$vncUserDir/passwd"; + $default_opts{rfbport} = $vncPort; + $default_opts{fp} = $fontPath if ($fontPath); +-$default_opts{pn} = ""; ++$default_opts{pn} = undef; + + # Load user-overrideable system defaults + LoadConfig($vncSystemConfigDefaultsFile); +@@ -242,13 +242,13 @@ push(@cmd, "@CMAKE_INSTALL_FULL_BINDIR@/Xvnc", ":$displayNumber"); + + foreach my $k (sort keys %config) { + push(@cmd, "-$k"); +- push(@cmd, $config{$k}) if $config{$k}; ++ push(@cmd, $config{$k}) if defined($config{$k}); + delete $default_opts{$k}; # file options take precedence + } + + foreach my $k (sort keys %default_opts) { + push(@cmd, "-$k"); +- push(@cmd, $default_opts{$k}) if $default_opts{$k}; ++ push(@cmd, $default_opts{$k}) if defined($default_opts{$k}); + } + + warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n"; +@@ -291,7 +291,7 @@ sub LoadConfig { + # current config file being loaded defined the logical opposite setting + # (NeverShared vs. AlwaysShared, etc etc). + $toggle = lc($1); # must normalize key case +- $config{$toggle} = $k; ++ $config{$toggle} = undef; + } + } + close(IN); +diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc +index f108fae43..7c32bea8f 100644 +--- a/unix/xserver/hw/vnc/RFBGlue.cc ++++ b/unix/xserver/hw/vnc/RFBGlue.cc +@@ -143,6 +143,22 @@ const char* vncGetParamDesc(const char *name) + return param->getDescription(); + } + ++int vncIsParamBool(const char *name) ++{ ++ VoidParameter *param; ++ BoolParameter *bparam; ++ ++ param = rfb::Configuration::getParam(name); ++ if (param == NULL) ++ return false; ++ ++ bparam = dynamic_cast(param); ++ if (bparam == NULL) ++ return false; ++ ++ return true; ++} ++ + int vncGetParamCount(void) + { + int count; +diff --git a/unix/xserver/hw/vnc/RFBGlue.h b/unix/xserver/hw/vnc/RFBGlue.h +index 112405b84..695cea105 100644 +--- a/unix/xserver/hw/vnc/RFBGlue.h ++++ b/unix/xserver/hw/vnc/RFBGlue.h +@@ -41,6 +41,7 @@ int vncSetParam(const char *name, const char *value); + int vncSetParamSimple(const char *nameAndValue); + char* vncGetParam(const char *name); + const char* vncGetParamDesc(const char *name); ++int vncIsParamBool(const char *name); + + int vncGetParamCount(void); + char *vncGetParamList(void); +diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c +index 4eb0b0b13..5744acac8 100644 +--- a/unix/xserver/hw/vnc/xvnc.c ++++ b/unix/xserver/hw/vnc/xvnc.c +@@ -618,6 +618,20 @@ ddxProcessArgument(int argc, char *argv[], int i) + exit(0); + } + ++ /* We need to resolve an ambiguity for booleans */ ++ if (argv[i][0] == '-' && i+1 < argc && ++ vncIsParamBool(&argv[i][1])) { ++ if ((strcasecmp(argv[i+1], "0") == 0) || ++ (strcasecmp(argv[i+1], "1") == 0) || ++ (strcasecmp(argv[i+1], "true") == 0) || ++ (strcasecmp(argv[i+1], "false") == 0) || ++ (strcasecmp(argv[i+1], "yes") == 0) || ++ (strcasecmp(argv[i+1], "no") == 0)) { ++ vncSetParam(&argv[i][1], argv[i+1]); ++ return 2; ++ } ++ } ++ + if (vncSetParamSimple(argv[i])) + return 1; + +diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx +index d4dd3063c..77ba3d3f4 100644 +--- a/vncviewer/vncviewer.cxx ++++ b/vncviewer/vncviewer.cxx +@@ -556,6 +556,26 @@ int main(int argc, char** argv) + } + + for (int i = 1; i < argc;) { ++ /* We need to resolve an ambiguity for booleans */ ++ if (argv[i][0] == '-' && i+1 < argc) { ++ VoidParameter *param; ++ ++ param = Configuration::getParam(&argv[i][1]); ++ if ((param != NULL) && ++ (dynamic_cast(param) != NULL)) { ++ if ((strcasecmp(argv[i+1], "0") == 0) || ++ (strcasecmp(argv[i+1], "1") == 0) || ++ (strcasecmp(argv[i+1], "true") == 0) || ++ (strcasecmp(argv[i+1], "false") == 0) || ++ (strcasecmp(argv[i+1], "yes") == 0) || ++ (strcasecmp(argv[i+1], "no") == 0)) { ++ param->setParam(argv[i+1]); ++ i += 2; ++ continue; ++ } ++ } ++ } ++ + if (Configuration::setParam(argv[i])) { + i++; + continue; diff --git a/tigervnc.spec b/tigervnc.spec index b2f736d..246f443 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -1,6 +1,6 @@ Name: tigervnc Version: 1.11.0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -14,9 +14,17 @@ Source2: xvnc.socket Source3: 10-libvnc.conf Source4: HOWTO.md -Patch2: tigervnc-getmaster.patch -Patch5: tigervnc-utilize-system-crypto-policies.patch -Patch7: tigervnc-passwd-crash-with-malloc-checks.patch +# Backwards compatibility +Source5: vncserver +Source6: vncserver.man + +Patch1: tigervnc-getmaster.patch +Patch2: tigervnc-utilize-system-crypto-policies.patch +Patch3: tigervnc-passwd-crash-with-malloc-checks.patch +Patch4: tigervnc-systemd-service.patch + +# Upstream patches +Patch50: tigervnc-tolerate-specifying-boolparam.patch Patch100: tigervnc-xserver120.patch @@ -138,12 +146,18 @@ done popd # libvnc.so: don't use unexported GetMaster function (bug #744881 again). -%patch2 -p1 -b .getmaster +%patch1 -p1 -b .getmaster # Utilize system-wide crypto policies -%patch5 -p1 -b .utilize-system-crypto-policies +%patch2 -p1 -b .utilize-system-crypto-policies -%patch7 -p1 -b .tigervnc-passwd-crash-with-malloc-checks +%patch3 -p1 -b .tigervnc-passwd-crash-with-malloc-checks + +# Enable once this is reviewed by upstream +# https://github.com/TigerVNC/tigervnc/pull/1115 +# %patch4 -p1 -b .tigervnc-systemd-service + +%patch50 -p1 -b .tigervnc-tolerate-specifying-boolparam %build %ifarch sparcv9 sparc64 s390 s390x @@ -224,6 +238,7 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps done popd +%if 0%{?fedora} > 33 # Install a replacement for /usr/bin/vncserver which will tell the user to read the # HOWTO.md file cat < %{buildroot}/%{_bindir}/vncserver @@ -232,6 +247,12 @@ echo "vncserver has been replaced by a systemd unit." echo "Please read /usr/share/doc/tigervnc/HOWTO.md for more information." EOF chmod +x %{buildroot}/%{_bindir}/vncserver +%else +rm -f %{buildroot}/%{_mandir}/man8/vncserver.8 + +install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver +install -m 644 %{SOURCE6} %{buildroot}/%{_mandir}/man8/vncserver.8 +%endif %find_lang %{name} %{name}.lang @@ -318,6 +339,10 @@ fi %{_datadir}/selinux/packages/vncsession.pp %changelog +* Tue Sep 29 13:12:22 CEST 2020 Jan Grulich - 1.11.0-6 +- Backport upstream fix allowing Tigervnc to specify boolean valus in configuration +- Revert removal of vncserver for F32 and F33 + * Thu Sep 24 07:14:06 CEST 2020 Jan Grulich - 1.11.0-5 - Actually install the HOWTO.md file diff --git a/vncserver b/vncserver new file mode 100644 index 0000000..2e2d519 --- /dev/null +++ b/vncserver @@ -0,0 +1,887 @@ +#!/usr/bin/perl +# +# Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. +# Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved. +# Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved. +# Copyright (C) 2002-2005 RealVNC Ltd. +# Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. +# +# This is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. +# + +# +# vncserver - wrapper script to start an X VNC server. +# + +# First make sure we're operating in a sane environment. +$exedir = ""; +$slashndx = rindex($0, "/"); +if($slashndx>=0) { + $exedir = substr($0, 0, $slashndx+1); +} + +&SanityCheck(); + +&NotifyAboutDeprecation(); + +# +# Global variables. You may want to configure some of these for +# your site +# + +$geometry = "1024x768"; +#$depth = 16; + +$vncUserDir = "$ENV{HOME}/.vnc"; +$vncUserConfig = "$vncUserDir/config"; + +$vncSystemConfigDir = "/etc/tigervnc"; +$vncSystemConfigDefaultsFile = "$vncSystemConfigDir/vncserver-config-defaults"; +$vncSystemConfigMandatoryFile = "$vncSystemConfigDir/vncserver-config-mandatory"; + +$skipxstartup = 0; +$xauthorityFile = "$ENV{XAUTHORITY}" || "$ENV{HOME}/.Xauthority"; + +$xstartupFile = $vncUserDir . "/xstartup"; +$defaultXStartup + = ("#!/bin/sh\n\n". + "unset SESSION_MANAGER\n". + "unset DBUS_SESSION_BUS_ADDRESS\n". + "exec /etc/X11/xinit/xinitrc\n"); + +$defaultConfig + = ("## Supported server options to pass to vncserver upon invocation can be listed\n". + "## in this file. See the following manpages for more: vncserver(1) Xvnc(1).\n". + "## Several common ones are shown below. Uncomment and modify to your liking.\n". + "##\n". + "# securitytypes=vncauth,tlsvnc\n". + "# desktop=sandbox\n". + "# geometry=2000x1200\n". + "# localhost\n". + "# alwaysshared\n"); + +chop($host = `uname -n`); + +if (-d "/etc/X11/fontpath.d") { + $fontPath = "catalogue:/etc/X11/fontpath.d"; +} + +@fontpaths = ('/usr/share/X11/fonts', '/usr/share/fonts', '/usr/share/fonts/X11/'); +if (! -l "/usr/lib/X11") {push(@fontpaths, '/usr/lib/X11/fonts');} +if (! -l "/usr/X11") {push(@fontpaths, '/usr/X11/lib/X11/fonts');} +if (! -l "/usr/X11R6") {push(@fontpaths, '/usr/X11R6/lib/X11/fonts');} +push(@fontpaths, '/usr/share/fonts/default'); + +@fonttypes = ('misc', + '75dpi', + '100dpi', + 'Speedo', + 'Type1'); + +foreach $_fpath (@fontpaths) { + foreach $_ftype (@fonttypes) { + if (-f "$_fpath/$_ftype/fonts.dir") { + if (! -l "$_fpath/$_ftype") { + $defFontPath .= "$_fpath/$_ftype,"; + } + } + } +} + +if ($defFontPath) { + if (substr($defFontPath, -1, 1) == ',') { + chop $defFontPath; + } +} + +if ($fontPath eq "") { + $fontPath = $defFontPath; +} + +# Check command line options + +&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, + "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1); + +&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); + +&Kill() if ($opt{'-kill'}); + +&List() if ($opt{'-list'}); + +# Uncomment this line if you want default geometry, depth and pixelformat +# to match the current X display: +# &GetXDisplayDefaults(); + +if ($opt{'-geometry'}) { + $geometry = $opt{'-geometry'}; +} +if ($opt{'-depth'}) { + $depth = $opt{'-depth'}; + $pixelformat = ""; +} +if ($opt{'-pixelformat'}) { + $pixelformat = $opt{'-pixelformat'}; +} +if ($opt{'-noxstartup'}) { + $skipxstartup = 1; +} +if ($opt{'-xstartup'}) { + $xstartupFile = $opt{'-xstartup'}; +} +if ($opt{'-fp'}) { + $fontPath = $opt{'-fp'}; + $fpArgSpecified = 1; +} + +&CheckGeometryAndDepth(); + +# Create the user's vnc directory if necessary. +if (!(-e $vncUserDir)) { + if (!mkdir($vncUserDir,0755)) { + die "$prog: Could not create $vncUserDir.\n"; + } +} + +# Find display number. +if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { + $displayNumber = $1; + shift(@ARGV); + if (!&CheckDisplayNumber($displayNumber)) { + die "A VNC server is already running as :$displayNumber\n"; + } +} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) { + &Usage(); +} else { + $displayNumber = &GetDisplayNumber(); +} + +$vncPort = 5900 + $displayNumber; + +if ($opt{'-name'}) { + $desktopName = $opt{'-name'}; +} else { + $desktopName = "$host:$displayNumber ($ENV{USER})"; +} + +my %default_opts; +my %config; + +# We set some reasonable defaults. Config file settings +# override these where present. +$default_opts{desktop} = "edString($desktopName); +$default_opts{auth} = "edString($xauthorityFile); +$default_opts{geometry} = $geometry if ($geometry); +$default_opts{depth} = $depth if ($depth); +$default_opts{pixelformat} = $pixelformat if ($pixelformat); +$default_opts{rfbwait} = 30000; +$default_opts{rfbauth} = "$vncUserDir/passwd"; +$default_opts{rfbport} = $vncPort; +$default_opts{fp} = $fontPath if ($fontPath); +$default_opts{pn} = ""; + +# Load user-overrideable system defaults +LoadConfig($vncSystemConfigDefaultsFile); + +# Then the user's settings +LoadConfig($vncUserConfig); + +# And then override anything set above if mandatory settings exist. +# WARNING: "Mandatory" is used loosely here! As the man page says, +# there is nothing stopping someone from EASILY subverting the +# settings in $vncSystemConfigMandatoryFile by simply passing +# CLI args to vncserver, which trump config files! To properly +# hard force policy in a non-subvertible way would require major +# development work that touches Xvnc itself. +LoadConfig($vncSystemConfigMandatoryFile, 1); + +# +# Check whether VNC authentication is enabled, and if so, prompt the user to +# create a VNC password if they don't already have one. +# + +$securityTypeArgSpecified = 0; +$vncAuthEnabled = 0; +$passwordArgSpecified = 0; +@vncAuthStrings = ("vncauth", "tlsvnc", "x509vnc"); + +# ...first we check our configuration files' settings +if ($config{'securitytypes'}) { + $securityTypeArgSpecified = 1; + foreach $arg2 (split(',', $config{'securitytypes'})) { + if (grep {$_ eq lc($arg2)} @vncAuthStrings) { + $vncAuthEnabled = 1; + } + } +} + +# ...and finally we check CLI args, which in the case of the topic at +# hand (VNC auth or not), override anything found in configuration files +# (even so-called "mandatory" settings). +for ($i = 0; $i < @ARGV; ++$i) { + # -SecurityTypes can be followed by a space or "=" + my @splitargs = split('=', $ARGV[$i]); + if (@splitargs <= 1 && $i < @ARGV - 1) { + push(@splitargs, $ARGV[$i + 1]); + } + if (lc(@splitargs[0]) eq "-securitytypes") { + if (@splitargs > 1) { + $securityTypeArgSpecified = 1; + } + foreach $arg2 (split(',', @splitargs[1])) { + if (grep {$_ eq lc($arg2)} @vncAuthStrings) { + $vncAuthEnabled = 1; + } + } + } + if ((lc(@splitargs[0]) eq "-password") + || (lc(@splitargs[0]) eq "-passwordfile" + || (lc(@splitargs[0]) eq "-rfbauth"))) { + $passwordArgSpecified = 1; + } +} + +if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) { + ($z,$z,$mode) = stat("$vncUserDir/passwd"); + if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { + warn "\nYou will require a password to access your desktops.\n\n"; + system($exedir."vncpasswd -q $vncUserDir/passwd"); + if (($? >> 8) != 0) { + exit 1; + } + } +} + +$desktopLog = "$vncUserDir/$host:$displayNumber.log"; +unlink($desktopLog); + +# Make an X server cookie and set up the Xauthority file +# mcookie is a part of util-linux, usually only GNU/Linux systems have it. +$cookie = `mcookie`; +# Fallback for non GNU/Linux OS - use /dev/urandom on systems that have it, +# otherwise use perl's random number generator, seeded with the sum +# of the current time, our PID and part of the encrypted form of the password. +if ($cookie eq "" && open(URANDOM, '<', '/dev/urandom')) { + my $randata; + if (sysread(URANDOM, $randata, 16) == 16) { + $cookie = unpack 'h*', $randata; + } + close(URANDOM); +} +if ($cookie eq "") { + srand(time+$$+unpack("L",`cat $vncUserDir/passwd`)); + for (1..16) { + $cookie .= sprintf("%02x", int(rand(256)) % 256); + } +} + +open(XAUTH, "|xauth -f $xauthorityFile source -"); +print XAUTH "add $host:$displayNumber . $cookie\n"; +print XAUTH "add $host/unix:$displayNumber . $cookie\n"; +close(XAUTH); + +# Now start the X VNC Server + +# We build up our Xvnc command with options +$cmd = $exedir."Xvnc :$displayNumber"; + +foreach my $k (sort keys %config) { + $cmd .= " -$k $config{$k}"; + delete $default_opts{$k}; # file options take precedence +} + +foreach my $k (sort keys %default_opts) { + $cmd .= " -$k $default_opts{$k}"; +} + +# Add color database stuff here, e.g.: +# $cmd .= " -co /usr/lib/X11/rgb"; + +foreach $arg (@ARGV) { + $cmd .= " " . "edString($arg); +} +$cmd .= " >> " . "edString($desktopLog) . " 2>&1"; + +# Run $cmd and record the process ID. +$pidFile = "$vncUserDir/$host:$displayNumber.pid"; +system("$cmd & echo \$! >$pidFile"); + +# Give Xvnc a chance to start up + +sleep(3); +if ($fontPath ne $defFontPath) { + unless (kill 0, `cat $pidFile`) { + if ($fpArgSpecified) { + warn "\nWARNING: The first attempt to start Xvnc failed, probably because the font\n"; + warn "path you specified using the -fp argument is incorrect. Attempting to\n"; + warn "determine an appropriate font path for this system and restart Xvnc using\n"; + warn "that font path ...\n"; + } else { + warn "\nWARNING: The first attempt to start Xvnc failed, possibly because the font\n"; + warn "catalog is not properly configured. Attempting to determine an appropriate\n"; + warn "font path for this system and restart Xvnc using that font path ...\n"; + } + $cmd =~ s@-fp [^ ]+@@; + $cmd .= " -fp $defFontPath" if ($defFontPath); + system("$cmd & echo \$! >$pidFile"); + sleep(3); + } +} +unless (kill 0, `cat $pidFile`) { + warn "Could not start Xvnc.\n\n"; + unlink $pidFile; + open(LOG, "<$desktopLog"); + while () { print; } + close(LOG); + die "\n"; +} + +warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n"; + +# Create the user's xstartup script if necessary. +if (! $skipxstartup) { + if (!(-e "$xstartupFile")) { + warn "Creating default startup script $xstartupFile\n"; + open(XSTARTUP, ">$xstartupFile"); + print XSTARTUP $defaultXStartup; + close(XSTARTUP); + chmod 0755, "$xstartupFile"; + } +} + +# Create the user's config file if necessary. +if (!(-e "$vncUserDir/config")) { + warn "Creating default config $vncUserDir/config\n"; + open(VNCUSERCONFIG, ">$vncUserDir/config"); + print VNCUSERCONFIG $defaultConfig; + close(VNCUSERCONFIG); + chmod 0644, "$vncUserDir/config"; +} + +# Run the X startup script. +if (! $skipxstartup) { + warn "Starting applications specified in $xstartupFile\n"; +} +warn "Log file is $desktopLog\n\n"; + +# If the unix domain socket exists then use that (DISPLAY=:n) otherwise use +# TCP (DISPLAY=host:n) + +if (-e "/tmp/.X11-unix/X$displayNumber" || + -e "/usr/spool/sockets/X11/$displayNumber") +{ + $ENV{DISPLAY}= ":$displayNumber"; +} else { + $ENV{DISPLAY}= "$host:$displayNumber"; +} +$ENV{VNCDESKTOP}= $desktopName; + +if ($opt{'-fg'}) { + if (! $skipxstartup) { + system("$xstartupFile >> " . "edString($desktopLog) . " 2>&1"); + } + if (kill 0, `cat $pidFile`) { + $opt{'-kill'} = ':'.$displayNumber; + &Kill(); + } +} else { + if ($opt{'-autokill'}) { + if (! $skipxstartup) { + system("($xstartupFile; $0 -kill :$displayNumber) >> " + . "edString($desktopLog) . " 2>&1 &"); + } + } else { + if (! $skipxstartup) { + system("$xstartupFile >> " . "edString($desktopLog) + . " 2>&1 &"); + } + } +} + +exit; + +############################################################################### +# Functions +############################################################################### + +# +# Populate the global %config hash with settings from a specified +# vncserver configuration file if it exists +# +# Args: 1. file path +# 2. optional boolean flag to enable warning when a previously +# set configuration setting is being overridden +# +sub LoadConfig { + local ($configFile, $warnoverride) = @_; + local ($toggle) = undef; + + if (stat($configFile)) { + if (open(IN, $configFile)) { + while () { + next if /^#/; + if (my ($k, $v) = /^\s*(\w+)\s*=\s*(.+)$/) { + $k = lc($k); # must normalize key case + if ($warnoverride && $config{$k}) { + print("Warning: $configFile is overriding previously defined '$k' to be '$v'\n"); + } + $config{$k} = $v; + } elsif ($_ =~ m/^\s*(\S+)/) { + # We can't reasonably warn on override of toggles (e.g. AlwaysShared) + # because it would get crazy to do so. We'd have to check if the + # current config file being loaded defined the logical opposite setting + # (NeverShared vs. AlwaysShared, etc etc). + $toggle = lc($1); # must normalize key case + $config{$toggle} = $k; + } + } + close(IN); + } + } +} + +# +# CheckGeometryAndDepth simply makes sure that the geometry and depth values +# are sensible. +# + +sub CheckGeometryAndDepth +{ + if ($geometry =~ /^(\d+)x(\d+)$/) { + $width = $1; $height = $2; + + if (($width<1) || ($height<1)) { + die "$prog: geometry $geometry is invalid\n"; + } + + $geometry = "${width}x$height"; + } else { + die "$prog: geometry $geometry is invalid\n"; + } + + if ($depth && (($depth < 8) || ($depth > 32))) { + die "Depth must be between 8 and 32\n"; + } +} + + +# +# GetDisplayNumber gets the lowest available display number. A display number +# n is taken if something is listening on the VNC server port (5900+n) or the +# X server port (6000+n). +# + +sub GetDisplayNumber +{ + foreach $n (1..99) { + if (&CheckDisplayNumber($n)) { + return $n+0; # Bruce Mah's workaround for bug in perl 5.005_02 + } + } + + die "$prog: no free display number on $host.\n"; +} + + +# +# CheckDisplayNumber checks if the given display number is available. A +# display number n is taken if something is listening on the VNC server port +# (5900+n) or the X server port (6000+n). +# + +sub CheckDisplayNumber +{ + local ($n) = @_; + + socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n"; + eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))'; + if (!bind(S, pack('S n x12', $AF_INET, 6000 + $n))) { + close(S); + return 0; + } + close(S); + + socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n"; + eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))'; + if (!bind(S, pack('S n x12', $AF_INET, 5900 + $n))) { + close(S); + return 0; + } + close(S); + + if (-e "/tmp/.X$n-lock") { + warn "\nWarning: $host:$n is taken because of /tmp/.X$n-lock\n"; + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + if (-e "/tmp/.X11-unix/X$n") { + warn "\nWarning: $host:$n is taken because of /tmp/.X11-unix/X$n\n"; + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + if (-e "/usr/spool/sockets/X11/$n") { + warn("\nWarning: $host:$n is taken because of ". + "/usr/spool/sockets/X11/$n\n"); + warn "Remove this file if there is no X server $host:$n\n"; + return 0; + } + + return 1; +} + + +# +# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel +# format of the current X display being used. If successful, it sets the +# options as appropriate so that the X VNC server will use the same settings +# (minus an allowance for window manager decorations on the geometry). Using +# the same depth and pixel format means that the VNC server won't have to +# translate pixels when the desktop is being viewed on this X display (for +# TrueColor displays anyway). +# + +sub GetXDisplayDefaults +{ + local (@lines, @matchlines, $width, $height, $defaultVisualId, $i, + $red, $green, $blue); + + $wmDecorationWidth = 4; # a guess at typical size for window manager + $wmDecorationHeight = 24; # decoration size + + return if (!defined($ENV{DISPLAY})); + + @lines = `xdpyinfo 2>/dev/null`; + + return if ($? != 0); + + @matchlines = grep(/dimensions/, @lines); + if (@matchlines) { + ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/); + + $width -= $wmDecorationWidth; + $height -= $wmDecorationHeight; + + $geometry = "${width}x$height"; + } + + @matchlines = grep(/default visual id/, @lines); + if (@matchlines) { + ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/); + + for ($i = 0; $i < @lines; $i++) { + if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) { + if (($lines[$i+1] !~ /TrueColor/) || + ($lines[$i+2] !~ /depth/) || + ($lines[$i+4] !~ /red, green, blue masks/)) + { + return; + } + last; + } + } + + return if ($i >= @lines); + + ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/); + ($red,$green,$blue) + = ($lines[$i+4] + =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/); + + $red = hex($red); + $green = hex($green); + $blue = hex($blue); + + if ($red > $blue) { + $red = int(log($red) / log(2)) - int(log($green) / log(2)); + $green = int(log($green) / log(2)) - int(log($blue) / log(2)); + $blue = int(log($blue) / log(2)) + 1; + $pixelformat = "rgb$red$green$blue"; + } else { + $blue = int(log($blue) / log(2)) - int(log($green) / log(2)); + $green = int(log($green) / log(2)) - int(log($red) / log(2)); + $red = int(log($red) / log(2)) + 1; + $pixelformat = "bgr$blue$green$red"; + } + } +} + + +# +# quotedString returns a string which yields the original string when parsed +# by a shell. +# + +sub quotedString +{ + local ($in) = @_; + + $in =~ s/\'/\'\"\'\"\'/g; + + return "'$in'"; +} + + +# +# removeSlashes turns slashes into underscores for use as a file name. +# + +sub removeSlashes +{ + local ($in) = @_; + + $in =~ s|/|_|g; + + return "$in"; +} + + +# +# Usage +# + +sub Usage +{ + die("\nusage: $prog [:] [-name ] [-depth ]\n". + " [-geometry x]\n". + " [-pixelformat rgbNNN|bgrNNN]\n". + " [-fp ]\n". + " [-cc ]\n". + " [-fg]\n". + " [-autokill]\n". + " [-noxstartup]\n". + " [-xstartup ]\n". + " ...\n\n". + " $prog -kill \n\n". + " $prog -list\n\n"); +} + + +# +# List +# + +sub List +{ + opendir(dir, $vncUserDir); + my @filelist = readdir(dir); + closedir(dir); + print "\nTigerVNC server sessions:\n\n"; + print "X DISPLAY #\tPROCESS ID\n"; + foreach my $file (@filelist) { + if ($file =~ /$host:(\d+)$\.pid/) { + chop($tmp_pid = `cat $vncUserDir/$file`); + if (kill 0, $tmp_pid) { + print ":".$1."\t\t".`cat $vncUserDir/$file`; + } else { + unlink ($vncUserDir . "/" . $file); + } + } + } + exit; +} + + +# +# Kill +# + +sub Kill +{ + $opt{'-kill'} =~ s/(:\d+)\.\d+$/$1/; # e.g. turn :1.0 into :1 + + if ($opt{'-kill'} =~ /^:\d+$/) { + $pidFile = "$vncUserDir/$host$opt{'-kill'}.pid"; + } else { + if ($opt{'-kill'} !~ /^$host:/) { + die "\nCan't tell if $opt{'-kill'} is on $host\n". + "Use -kill : instead\n\n"; + } + $pidFile = "$vncUserDir/$opt{'-kill'}.pid"; + } + + if (! -r $pidFile) { + die "\nCan't find file $pidFile\n". + "You'll have to kill the Xvnc process manually\n\n"; + } + + $SIG{'HUP'} = 'IGNORE'; + chop($pid = `cat $pidFile`); + warn "Killing Xvnc process ID $pid\n"; + + if (kill 0, $pid) { + system("kill $pid"); + sleep(1); + if (kill 0, $pid) { + print "Xvnc seems to be deadlocked. Kill the process manually and then re-run\n"; + print " ".$0." -kill ".$opt{'-kill'}."\n"; + print "to clean up the socket files.\n"; + exit + } + + } else { + warn "Xvnc process ID $pid already killed\n"; + $opt{'-kill'} =~ s/://; + + if (-e "/tmp/.X11-unix/X$opt{'-kill'}") { + print "Xvnc did not appear to shut down cleanly."; + print " Removing /tmp/.X11-unix/X$opt{'-kill'}\n"; + unlink "/tmp/.X11-unix/X$opt{'-kill'}"; + } + if (-e "/tmp/.X$opt{'-kill'}-lock") { + print "Xvnc did not appear to shut down cleanly."; + print " Removing /tmp/.X$opt{'-kill'}-lock\n"; + unlink "/tmp/.X$opt{'-kill'}-lock"; + } + } + + unlink $pidFile; + exit; +} + + +# +# ParseOptions takes a list of possible options and a boolean indicating +# whether the option has a value following, and sets up an associative array +# %opt of the values of the options given on the command line. It removes all +# the arguments it uses from @ARGV and returns them in @optArgs. +# + +sub ParseOptions +{ + local (@optval) = @_; + local ($opt, @opts, %valFollows, @newargs); + + while (@optval) { + $opt = shift(@optval); + push(@opts,$opt); + $valFollows{$opt} = shift(@optval); + } + + @optArgs = (); + %opt = (); + + arg: while (defined($arg = shift(@ARGV))) { + foreach $opt (@opts) { + if ($arg eq $opt) { + push(@optArgs, $arg); + if ($valFollows{$opt}) { + if (@ARGV == 0) { + &Usage(); + } + $opt{$opt} = shift(@ARGV); + push(@optArgs, $opt{$opt}); + } else { + $opt{$opt} = 1; + } + next arg; + } + } + push(@newargs,$arg); + } + + @ARGV = @newargs; +} + + +# Routine to make sure we're operating in a sane environment. +sub SanityCheck +{ + local ($cmd); + + # Get the program name + ($prog) = ($0 =~ m|([^/]+)$|); + + # + # Check we have all the commands we'll need on the path. + # + + cmd: + foreach $cmd ("uname","xauth") { + for (split(/:/,$ENV{PATH})) { + if (-x "$_/$cmd") { + next cmd; + } + } + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + + if($exedir eq "") { + cmd2: + foreach $cmd ("Xvnc","vncpasswd") { + for (split(/:/,$ENV{PATH})) { + if (-x "$_/$cmd") { + next cmd2; + } + } + die "$prog: couldn't find \"$cmd\" on your PATH.\n"; + } + } + else { + cmd3: + foreach $cmd ($exedir."Xvnc",$exedir."vncpasswd") { + for (split(/:/,$ENV{PATH})) { + if (-x "$cmd") { + next cmd3; + } + } + die "$prog: couldn't find \"$cmd\".\n"; + } + } + + if (!defined($ENV{HOME})) { + die "$prog: The HOME environment variable is not set.\n"; + } + + # + # Find socket constants. 'use Socket' is a perl5-ism, so we wrap it in an + # eval, and if it fails we try 'require "sys/socket.ph"'. If this fails, + # we just guess at the values. If you find perl moaning here, just + # hard-code the values of AF_INET and SOCK_STREAM. You can find these out + # for your platform by looking in /usr/include/sys/socket.h and related + # files. + # + + chop($os = `uname`); + chop($osrev = `uname -r`); + + eval 'use Socket'; + if ($@) { + eval 'require "sys/socket.ph"'; + if ($@) { + if (($os eq "SunOS") && ($osrev !~ /^4/)) { + $AF_INET = 2; + $SOCK_STREAM = 2; + } else { + $AF_INET = 2; + $SOCK_STREAM = 1; + } + } else { + $AF_INET = &AF_INET; + $SOCK_STREAM = &SOCK_STREAM; + } + } else { + $AF_INET = &AF_INET; + $SOCK_STREAM = &SOCK_STREAM; + } +} + +sub NotifyAboutDeprecation +{ + warn "\nWARNING: vncserver has been replaced by a systemd unit and is about to be removed in the next Fedora release.\n"; + warn "Please read /usr/share/doc/tigervnc/HOWTO.md for more information.\n"; +} diff --git a/vncserver.man b/vncserver.man new file mode 100644 index 0000000..2641ed1 --- /dev/null +++ b/vncserver.man @@ -0,0 +1,204 @@ +.TH vncserver 1 "" "TigerVNC" "Virtual Network Computing" +.SH NAME +vncserver \- start or stop a VNC server +.SH SYNOPSIS +.B vncserver +.RI [: display# ] +.RB [ \-name +.IR desktop-name ] +.RB [ \-geometry +.IR width x height ] +.RB [ \-depth +.IR depth ] +.RB [ \-pixelformat +.IR format ] +.RB [ \-fp +.IR font-path ] +.RB [ \-fg ] +.RB [ \-autokill ] +.RB [ \-noxstartup ] +.RB [ \-xstartup +.IR script ] +.RI [ Xvnc-options... ] +.br +.BI "vncserver \-kill :" display# +.br +.BI "vncserver \-list" +.SH DESCRIPTION +.B vncserver +is used to start a VNC (Virtual Network Computing) desktop. +.B vncserver +is a Perl script which simplifies the process of starting an Xvnc server. It +runs Xvnc with appropriate options and starts a window manager on the VNC +desktop. + +.B vncserver +can be run with no options at all. In this case it will choose the first +available display number (usually :1), start Xvnc with that display number, +and start the default window manager in the Xvnc session. You can also +specify the display number, in which case vncserver will attempt to start +Xvnc with that display number and exit if the display number is not +available. For example: + +.RS +vncserver :13 +.RE + +Editing the file $HOME/.vnc/xstartup allows you to change the applications run +at startup (but note that this will not affect an existing VNC session.) + +.SH OPTIONS +You can get a list of options by passing \fB\-h\fP as an option to vncserver. +In addition to the options listed below, any unrecognised options will be +passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details. + +.TP +.B \-name \fIdesktop-name\fP +Each VNC desktop has a name which may be displayed by the viewer. The desktop +name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can +change it with this option. The desktop name option is passed to the xstartup +script via the $VNCDESKTOP environment variable, which allows you to run a +different set of applications depending on the name of the desktop. +. +.TP +.B \-geometry \fIwidth\fPx\fIheight\fP +Specify the size of the VNC desktop to be created. Default is 1024x768. +. +.TP +.B \-depth \fIdepth\fP +Specify the pixel depth (in bits) of the VNC desktop to be created. Default is +24. Other possible values are 8, 15 and 16 - anything else is likely to cause +strange behaviour by applications. +. +.TP +.B \-pixelformat \fIformat\fP +Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for +depth 8 is BGR233 (meaning the most significant two bits represent blue, the +next three green, and the least significant three represent red), the default +for depth 16 is RGB565, and the default for depth 24 is RGB888. +. +.TP +.B \-cc 3 +As an alternative to the default TrueColor visual, this allows you to run an +Xvnc server with a PseudoColor visual (i.e. one which uses a color map or +palette), which can be useful for running some old X applications which only +work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor) +for the \-cc option may result in strange behaviour, and PseudoColor desktops +must have an 8-bit depth. +. +.TP +.B \-kill :\fIdisplay#\fP +This kills a VNC desktop previously started with vncserver. It does this by +killing the Xvnc process, whose process ID is stored in the file +"$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid". The +.B \-kill +option ignores anything preceding the first colon (":") in the display +argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the +end of your xstartup file after a particular application exits. +. +.TP +.B \-fp \fIfont-path\fP +If the vncserver script detects that the X Font Server (XFS) is running, it +will attempt to start Xvnc and configure Xvnc to use XFS for font handling. +Otherwise, if XFS is not running, the vncserver script will attempt to start +Xvnc and allow Xvnc to use its own preferred method of font handling (which may +be a hard-coded font path or, on more recent systems, a font catalog.) In +any case, if Xvnc fails to start, the vncserver script will then attempt to +determine an appropriate X font path for this system and start Xvnc using +that font path. + +The +.B \-fp +argument allows you to override the above fallback logic and specify a font +path for Xvnc to use. +. +.TP +.B \-fg +Runs Xvnc as a foreground process. This has two effects: (1) The VNC server +can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the +user logs out of the window manager in the VNC session. This may be necessary +when launching TigerVNC from within certain grid computing environments. +. +.TP +.B \-autokill +Automatically kill Xvnc whenever the xstartup script exits. In most cases, +this has the effect of terminating Xvnc when the user logs out of the window +manager. +. +.TP +.B \-noxstartup +Do not run the %HOME/.vnc/xstartup script after launching Xvnc. This +option allows you to manually start a window manager in your TigerVNC session. +. +.TP +.B \-xstartup \fIscript\fP +Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching +Xvnc. This is useful to run full-screen applications. +. +.TP +.B \-list +Lists all VNC desktops started by vncserver. + +.SH FILES +Several VNC-related files are found in the directory $HOME/.vnc: +.TP +$HOME/.vnc/xstartup +A shell script specifying X applications to be run when a VNC desktop is +started. If this file does not exist, then vncserver will create a default +xstartup script which attempts to launch your chosen window manager. +.TP +/etc/tigervnc/vncserver-config-defaults +The optional system-wide equivalent of $HOME/.vnc/config. If this file exists +and defines options to be passed to Xvnc, they will be used as defaults for +users. The user's $HOME/.vnc/config overrides settings configured in this file. +The overall configuration file load order is: this file, $HOME/.vnc/config, +and then /etc/tigervnc/vncserver-config-mandatory. None are required to exist. +.TP +/etc/tigervnc/vncserver-config-mandatory +The optional system-wide equivalent of $HOME/.vnc/config. If this file exists +and defines options to be passed to Xvnc, they will override any of the same +options defined in a user's $HOME/.vnc/config. This file offers a mechanism +to establish some basic form of system-wide policy. WARNING! There is +nothing stopping users from constructing their own vncserver-like script +that calls Xvnc directly to bypass any options defined in +/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed +to vncserver will override ANY config file setting of the same name. The +overall configuration file load order is: +/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file. +None are required to exist. +.TP +$HOME/.vnc/config +An optional server config file wherein options to be passed to Xvnc are listed +to avoid hard-coding them to the physical invocation. List options in this file +one per line. For those requiring an argument, simply separate the option from +the argument with an equal sign, for example: "geometry=2000x1200" or +"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed +as a single word, for example: "localhost" or "alwaysshared". +.TP +$HOME/.vnc/passwd +The VNC password file. +.TP +$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.log +The log file for Xvnc and applications started in xstartup. +.TP +$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid +Identifies the Xvnc process ID, used by the +.B \-kill +option. + +.SH SEE ALSO +.BR vncviewer (1), +.BR vncpasswd (1), +.BR vncconfig (1), +.BR Xvnc (1) +.br +https://www.tigervnc.org + +.SH AUTHOR +Tristan Richardson, RealVNC Ltd., D. R. Commander and others. + +VNC was originally developed by the RealVNC team while at Olivetti +Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were +implemented by Constantin Kaplinsky. Many other people have since +participated in development, testing and support. This manual is part +of the TigerVNC software suite.