From 0f03c00501f91e7f806f8cbdf65485ed6afcfd77e00cbcbd23bcc96256e6397b Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Mon, 25 Sep 2017 15:11:16 +0000 Subject: [PATCH] Accepting request 528672 from home:michalsrb:branches:fate323880 - Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. (fate#323207) - Replace java applet with novnc as web-based VNC viewer. (fate#323880) - Convert xinetd services to systemd socket activated services. (bnc#1058460) OBS-URL: https://build.opensuse.org/request/show/528672 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=120 --- tigervnc.changes | 12 +++ tigervnc.spec | 153 ++++++++++++++++++++++++++++------- vnc.xinetd | 90 --------------------- vnc_inetd_httpd | 114 -------------------------- x11vnc | 194 +++++++++++++++++++++++++++++++++++++++++++++ xvnc-novnc.service | 10 +++ xvnc-novnc.socket | 9 +++ xvnc.socket | 9 +++ xvnc@.service | 9 +++ 9 files changed, 368 insertions(+), 232 deletions(-) delete mode 100644 vnc.xinetd delete mode 100644 vnc_inetd_httpd create mode 100644 x11vnc create mode 100644 xvnc-novnc.service create mode 100644 xvnc-novnc.socket create mode 100644 xvnc.socket create mode 100644 xvnc@.service diff --git a/tigervnc.changes b/tigervnc.changes index 95380d2..8df3e84 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Sep 25 08:36:07 UTC 2017 - msrb@suse.com + +- Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. + (fate#323207) + +- Replace java applet with novnc as web-based VNC viewer. + (fate#323880) + +- Convert xinetd services to systemd socket activated services. + (bnc#1058460) + ------------------------------------------------------------------- Mon Sep 11 14:12:30 UTC 2017 - fstrba@suse.com diff --git a/tigervnc.spec b/tigervnc.spec index 558a6e5..1fad7d5 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -22,6 +22,8 @@ %define tlskey %{_sysconfdir}/vnc/tls.key %define tlscert %{_sysconfdir}/vnc/tls.cert +%define _unitdir %{_prefix}/lib/systemd/system + Name: tigervnc Version: 1.8.0 Release: 0 @@ -53,6 +55,7 @@ BuildRequires: libgpg-error-devel BuildRequires: mozilla-nss BuildRequires: pam-devel BuildRequires: pkg-config +BuildRequires: systemd-rpm-macros BuildRequires: xmlto BuildRequires: xorg-x11-libICE-devel BuildRequires: xorg-x11-libSM-devel @@ -101,16 +104,20 @@ Summary: A high-performance, platform-neutral implementation of VNC License: GPL-2.0 and MIT Group: System/X11/Servers/XF86_4 Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz -Source3: vnc.xinetd Source4: 10-libvnc.conf Source5: vnc-server.firewall Source6: vnc-httpd.firewall -Source7: vnc_inetd_httpd -Source8: vnc.reg -Source9: vncpasswd.arg -Source10: vnc.pam -Source11: with-vnc-key.sh -Source12: index.vnc +Source7: vnc.reg +Source8: vncpasswd.arg +Source9: vnc.pam +Source10: with-vnc-key.sh +Source11: index.vnc +Source12: x11vnc +Source13: xvnc@.service +Source14: xvnc.socket +Source15: xvnc-novnc.service +Source16: xvnc-novnc.socket + Patch1: tigervnc-newfbsize.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch @@ -135,18 +142,15 @@ Requires(post): /usr/sbin/useradd Requires(post): /usr/sbin/groupadd # Needed to generate certificates Requires: openssl -# Needed to serve java applet -Requires: python -Requires: python-pyOpenSSL Requires: windowmanager Requires: xauth -Requires: xinetd Requires: xinit Requires: xkbcomp Requires: xkeyboard-config Requires: xorg-x11-fonts-core # For the with-vnc-key.sh script Requires: /bin/hostname +%{?systemd_requires} Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh Summary: TigerVNC implementation of Xvnc Group: System/X11/Servers/XF86_4 @@ -154,6 +158,34 @@ Group: System/X11/Servers/XF86_4 %description -n xorg-x11-Xvnc This is the TigerVNC implementation of Xvnc. +%package -n xorg-x11-Xvnc-novnc +Requires: novnc +Requires: python-websockify +Requires: xorg-x11-Xvnc +%{?systemd_requires} +Summary: NoVNC service for Xvnc +Group: System/X11/Servers/XF86_4 +BuildArch: noarch + +%description -n xorg-x11-Xvnc-novnc +A service that starts noVNC linked to Xvnc server. + +%package -n xorg-x11-Xvnc-java +# Needed to serve java applet +# Requires: python +# Requires: python-pyOpenSSL + +# TODO: Requires? +BuildArch: noarch + +%{?systemd_requires} +Summary: VNC viewer in java +Group: System/X11/Servers/XF86_4 + +%description -n xorg-x11-Xvnc-java +A VNC client written in java that can be used as standalone application or as +an applet inside web page. + %package -n libXvnc1 Summary: X extension to control VNC module Group: System/Libraries @@ -169,6 +201,19 @@ Requires: libXvnc1 = %version %description -n libXvnc-devel Xvnc extension allows X clients to read and change VNC configuration. +%package x11vnc +Summary: Wrapper that starts x0vncserver +Group: System/X11/Servers/XF86_4 +Requires: python +Requires: xorg-x11-Xvnc +Provides: x11vnc +Conflicts: x11vnc +BuildArch: noarch + +%description x11vnc +This is a wrapper that looks like x11vnc, but starts x0vncserver instead. +It maps common x11vnc arguments to x0vncserver arguments. + %prep %setup -T -b1 -q cp -r /usr/src/xserver/* unix/xserver/ @@ -242,36 +287,40 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/vnc/classes install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes popd -install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc %ifnarch s390x install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf %endif install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-server install -D -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-httpd -install -D -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/vnc_inetd_httpd -install -D -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg -install -D -m 755 %{SOURCE9} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg -install -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/vnc -install -D -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{_datadir}/vnc/classes +install -D -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg +install -D -m 755 %{SOURCE8} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg +install -D -m 644 %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/vnc +install -D -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/vnc/classes %if 0%{?suse_version} >= 1315 ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncviewer ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz %endif +mkdir -p %{buildroot}%{_sbindir} +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc-novnc + mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc -install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc +install -D -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/vnc + +install -D -m 755 %{SOURCE12} $RPM_BUILD_ROOT%{_bindir}/x11vnc + +install -D %{SOURCE13} -m 0444 %{buildroot}%{_unitdir}/xvnc@.service +install -D %{SOURCE14} -m 0444 %{buildroot}%{_unitdir}/xvnc.socket +install -D %{SOURCE15} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service +install -D %{SOURCE16} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.socket rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-* %find_lang '%{name}' -%pre -n xorg-x11-Xvnc -getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || : -getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || : -usermod -G shadow -a %{vncuser} || : - %post %if 0%{?suse_version} >= 1315 %_sbindir/update-alternatives \ @@ -286,6 +335,42 @@ if [ "$1" = 0 ] ; then fi %endif +%pre -n xorg-x11-Xvnc +# %service_add_pre xvnc@.service +%service_add_pre xvnc.socket + +getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || : +getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || : +usermod -G shadow -a %{vncuser} || : + +%post -n xorg-x11-Xvnc +# %service_add_post xvnc@.service +%service_add_post xvnc.socket + +%preun -n xorg-x11-Xvnc +# %service_del_preun xvnc@.service +%service_del_preun xvnc.socket + +%postun -n xorg-x11-Xvnc +# %service_del_postun xvnc@.service +%service_del_postun xvnc.socket + +%pre -n xorg-x11-Xvnc-novnc +%service_add_pre xvnc-novnc.service +%service_add_pre xvnc-novnc.socket + +%post -n xorg-x11-Xvnc-novnc +%service_add_post xvnc-novnc.service +%service_add_post xvnc-novnc.socket + +%preun -n xorg-x11-Xvnc-novnc +%service_del_preun xvnc-novnc.service +%service_del_preun xvnc-novnc.socket + +%postun -n xorg-x11-Xvnc-novnc +%service_del_postun xvnc-novnc.service +%service_del_postun xvnc-novnc.socket + %post -n libXvnc1 -p /sbin/ldconfig %postun -n libXvnc1 -p /sbin/ldconfig @@ -330,7 +415,6 @@ fi %{_bindir}/vncpasswd.arg %{_bindir}/vncserver %{_bindir}/x0vncserver -%{_bindir}/vnc_inetd_httpd %exclude %{_mandir}/man1/Xserver.1* %{_mandir}/man1/Xvnc.1* @@ -339,6 +423,10 @@ fi %{_mandir}/man1/vncserver.1* %{_mandir}/man1/x0vncserver.1* +%{_unitdir}/xvnc@.service +%{_unitdir}/xvnc.socket +%{_sbindir}/rcxvnc + %exclude /usr/%{_lib}/xorg/protocol.txt %exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la %ifnarch s390 s390x @@ -359,7 +447,6 @@ fi %else %exclude /etc/X11/xorg.conf.d %endif -%config(noreplace) /etc/xinetd.d/vnc %dir /etc/slp.reg.d %config(noreplace) /etc/slp.reg.d/vnc.reg @@ -369,15 +456,21 @@ fi %exclude /usr/lib/debug/.* %exclude /usr/src/debug -%doc java/com/tigervnc/vncviewer/README -%{_datadir}/vnc - %dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey} %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert} %{_libexecdir}/vnc +%files -n xorg-x11-Xvnc-novnc +%{_unitdir}/xvnc-novnc.service +%{_unitdir}/xvnc-novnc.socket +%{_sbindir}/rcxvnc-novnc + +%files -n xorg-x11-Xvnc-java +%doc java/com/tigervnc/vncviewer/README +%{_datadir}/vnc + %files -n libXvnc1 %defattr(-,root,root) %{_libdir}/libXvnc.so.1* @@ -387,4 +480,8 @@ fi %{_libdir}/libXvnc.so %{_includedir}/X11/extensions/Xvnc.h +%files x11vnc +%defattr(-,root,root) +%{_bindir}/x11vnc + %changelog diff --git a/vnc.xinetd b/vnc.xinetd deleted file mode 100644 index 1ab18c5..0000000 --- a/vnc.xinetd +++ /dev/null @@ -1,90 +0,0 @@ -# default: off -# description: This serves out a VNC connection which starts at a KDM login \ -# prompt. This VNC connection has a resolution of 1024x768, 16bit depth. -service vnc1 -{ - type = UNLISTED - port = 5901 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM - disable = yes -} -# default: off -# description: This serves out a VNC connection which starts at a KDM login \ -# prompt. This VNC connection has a resolution of 1280x1024, 16bit depth. -service vnc2 -{ - type = UNLISTED - port = 5902 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM - disable = yes -} -# default: off -# description: This serves out a VNC connection which starts at a KDM login \ -# prompt. This VNC connection has a resolution of 1600x1200, 16bit depth. -service vnc3 -{ - type = UNLISTED - port = 5903 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM - disable = yes -} -# default: off -# description: This serves out the vncviewer Java applet for the VNC \ -# server running on port 5901, (vnc port 1). -service vnchttpd1 -{ - type = UNLISTED - port = 5801 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901 - disable = yes -} -# default: off -# description: This serves out the vncviewer Java applet for the VNC \ -# server running on port 5902, (vnc port 2). -service vnchttpd2 -{ - type = UNLISTED - port = 5802 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902 - disable = yes -} -# default: off -# description: This serves out the vncviewer Java applet for the VNC \ -# server running on port 5902, (vnc port 3). -service vnchttpd3 -{ - type = UNLISTED - port = 5803 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903 - disable = yes -} diff --git a/vnc_inetd_httpd b/vnc_inetd_httpd deleted file mode 100644 index 13d8777..0000000 --- a/vnc_inetd_httpd +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/env python - -# This is simple stupid WWW server intended to serve VNC java applet. -# It is made to be called by xinetd. -# It handles both HTTP and HTTPS on the same port. If HTTPS is allowed, any HTTP requests is responded with redirect to HTTPS. - -import re -import sys -import socket -import time - -from OpenSSL import SSL, crypto - -TLS_KEY = "/etc/vnc/tls.key" -TLS_CERT = "/etc/vnc/tls.cert" -JAR_FILE = "/usr/share/vnc/classes/VncViewer.jar" -TIMEOUT = 10 - -WIDTH = int(sys.argv[1]) -HEIGHT = int(sys.argv[2]) -VNC_PORT = int(sys.argv[3]) -USE_HTTPS = not (len(sys.argv) >= 5 and sys.argv[4] == "NoHTTPS") - - -# Take the stdin as our input socket (given from xinetd) -conn = sock = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM) - -# If we are supposed to use HTTPS, load certificate and replace conn with SSL connection. -if USE_HTTPS: - cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(TLS_CERT, 'r').read()) - - context = SSL.Context(SSL.SSLv23_METHOD) - context.use_privatekey_file(TLS_KEY) - context.use_certificate(cert) - - conn = SSL.Connection(context, sock) - conn.set_accept_state() - -# Send normal response -def send_response(connection, ctype, response): - connection.sendall( - "HTTP/1.0 200 OK\n" + - "Content-Type: " + ctype + "\n" + - "Content-Length: " + str(len(response)) + "\n" + - "Connection: close\n" + - "\n" + - response - ) - -# Send redirect -def send_redirect(connection, ctype, response, location): - connection.sendall( - "HTTP/1.0 301 Moved Permanently\n" + - "Location: " + location + "\n" + - "Content-Type: " + ctype + "\n" + - "Content-Length: " + str(len(response)) + "\n" + - "Connection: close\n" + - "\n" + - response - ) - - -# Try to read and parse HTTP request -try: - start_time = time.time() - buffer = '' - while True: - buffer += conn.recv(1024) - - if buffer.endswith("\r\n\r\n") or start_time + TIMEOUT < time.time(): - break - - method, url = buffer.split(" ", 2)[0:2] - - if url == '/VncViewer.jar': - with open(JAR_FILE, 'r') as file: - send_response(conn, "application/octet-stream", file.read()) - else: - response = \ - """ - - Remote Desktop - - - - - - """%(WIDTH, HEIGHT, VNC_PORT, 'X509None' if USE_HTTPS else 'TLSNone', cert.digest('SHA1') if USE_HTTPS else '') - - send_response(conn, "text/html", response) - -except SSL.Error: - # If SSL failed, it is most probably because the browser is actually trying to do normal HTTP request. - - # We have now a partially consumed HTTP request in sock, let's try if we can get Host header out of it - partial_request = sock.recv(8000) # Arbitrary big number, if the request is longer than this, we will just skip the rest. - - host = None - match = re.search(r"\r\nHost: ([^\r]+)\r\n", partial_request) - if match: - host = match.group(1) - - if host: - # If we got host header, we can redirect nicely with HTTP 301. - send_redirect(sock, "text.html", "Use https.", "https://" + host) - else: - # If we don't know the host header, redirect using javascript. - send_response(sock, "text.html", "Use https.") diff --git a/x11vnc b/x11vnc new file mode 100644 index 0000000..b916149 --- /dev/null +++ b/x11vnc @@ -0,0 +1,194 @@ +#!/usr/bin/env python + +# This is wrapper for x0vncserver that translate most common x11vnc arguments +# to x0vncserver's arguments + +import argparse +import socket +import os +import sys + +def is_port_free(port): + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.bind(('', port)) + sock.close() + return True + except socket.error as e: + return False + +def find_free_port(starting_port): + for port in range(starting_port, 6000): + if is_port_free(port): + return port + return None + +parser = argparse.ArgumentParser(add_help=False) + +parser.add_argument('-help', '-h', action='help') +parser.add_argument('--version', '-V', action='store_true') + +parser.add_argument('-storepasswd', nargs=2) + +parser.add_argument('-display') +parser.add_argument('-auth') +parser.add_argument('-N', action='store_true') +parser.add_argument('-rfbport', type=int) +parser.add_argument('-autoport', type=int, default=5900) +parser.add_argument('-6', dest='yes6', action='store_true') +parser.add_argument('-no6', action='store_true') + +#parser.add_argument('-once', action='store_true') # TODO: Add support to x0vncserver +parser.add_argument('-forever', '-many', action='store_true') +parser.add_argument('-viewonly', action='store_true') + +#parser.add_argument('-shared', action='store_true') # TODO? +parser.add_argument('-alwaysshared', action='store_true') +parser.add_argument('-nevershared', action='store_true') +parser.add_argument('-dontdisconnect', action='store_true') + +#parser.add_argument('-timeout', nargs=1, type=int) # TODO? + +parser.add_argument('-clip') +parser.add_argument('-deferupdate', type=int) +parser.add_argument('-noshm', action='store_true') + +#parser.add_argument('-allow', nargs=1) # TODO? +#parser.add_argument('-localhost') # TODO? + +parser.add_argument('-rfbauth') +parser.add_argument('-nopw', action='store_true') +parser.add_argument('-unixpw') + +# Accepted, but ignored arguments +ignored_arguments = ['-v', '-verbose', '-q', '-quiet'] +parser.add_argument(*ignored_arguments, dest='ignored_argument', action='store_true') + + +print('Warning: x11vnc is deprecated in favor of x0vncserver.') +print(' This is a wrapper that maps the most common set of x11vnc') +print(' arguments to x0vncserver arguments.') +print() +print(' Use x0vncserver directly if you want encrypted connection.') +print() + +args = parser.parse_args() + + +# Warnings +if args.ignored_argument: + print('Warning: x11vnc wrapper accepts but ignores following arguments:') + print(', '.join(ignored_arguments)) + + +# vncpasswd +if args.storepasswd: + (password, passwdfile) = args.storepasswd + + os.execlp('vncpasswd.arg', 'vncpasswd.arg', passwdfile, password) + + +# x0vncserver +new_args = ['x0vncserver'] + +default_security_type = 'None' +security_type = default_security_type + +if args.version: + new_args.append('-version') + +if args.display: + new_args.append('-display') + new_args.append(args.display) + +if args.auth: + os.environ['XAUTHORITY'] = args.auth + +if args.N: + display = args.display or os.environ['DISPLAY'] + if not display: + print('No display set') + sys.exit(1) + port = int(display.split(':')[-1]) + 5900 + if is_port_free(port): + new_args.append('-rfbport') + new_args.append(str(port)) + else: + print('Port %d is already used'%port) + sys.exit(1) + +if args.rfbport: + new_args.append('-rfbport') + new_args.append(str(args.rfbport)) +else: + port = find_free_port(args.autoport) + new_args.append('-rfbport') + new_args.append(str(port)) + +if args.yes6: + new_args.append('-UseIPv6') +if args.no6: + new_args.append('-UseIPv6=0') + +if args.forever: + # This is default in x0vncserver + pass + +if args.viewonly: + new_args.append('-AcceptKeyEvents=0') + new_args.append('-AcceptPointerEvents=0') + new_args.append('-AcceptCutText=0') + new_args.append('-AcceptSetDesktopSize=0') + +if args.alwaysshared: + new_args.append('-AlwaysShared') +if args.nevershared: + new_args.append('-NeverShared') +if args.dontdisconnect: + new_args.append('-DisconnectClients=0') +else: + new_args.append('-DisconnectClients') + +if args.clip: + new_args.append('-Geometry') + new_args.append(args.clip) + +if args.deferupdate: + new_args.append('-DeferUpdate') + new_args.append(str(args.deferupdate)) + +if args.noshm: + new_args.append('-UseSHM=0') + +if args.rfbauth: + security_type = 'VncAuth' + new_args.append('-PasswordFile') + new_args.append(args.rfbauth) + +if args.unixpw: + security_type = 'Plain' + new_args.append('-PlainUsers') + new_args.append(args.unixpw) + +new_args.append('-SecurityTypes') +new_args.append(security_type) + +if not args.nopw: + # Note: This is the same warning as the original x11vnc gives + if security_type == default_security_type: + print(""" +#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +#@ @# +#@ ** WARNING ** WARNING ** WARNING ** WARNING ** @# +#@ @# +#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @# +#@ @# +#@ This means anyone with network access to this computer @# +#@ may be able to view and control your desktop. @# +#@ @# +#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @# +#@ @# +#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +""") + +os.execvp('x0vncserver', new_args) diff --git a/xvnc-novnc.service b/xvnc-novnc.service new file mode 100644 index 0000000..14a3690 --- /dev/null +++ b/xvnc-novnc.service @@ -0,0 +1,10 @@ +[Unit] +Description=noVNC Web Server +Requires=xvnc.socket +After=xvnc.socket + +[Service] +ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/websockify --key /etc/vnc/tls.key --cert /etc/vnc/tls.cert --web /usr/share/novnc --inetd localhost:5901 +User=vnc +StandardInput=socket +StandardError=syslog diff --git a/xvnc-novnc.socket b/xvnc-novnc.socket new file mode 100644 index 0000000..87368d0 --- /dev/null +++ b/xvnc-novnc.socket @@ -0,0 +1,9 @@ +[Unit] +Description=noVNC Web Server + +[Socket] +ListenStream=5801 +Accept=False + +[Install] +WantedBy=sockets.target diff --git a/xvnc.socket b/xvnc.socket new file mode 100644 index 0000000..1bbca04 --- /dev/null +++ b/xvnc.socket @@ -0,0 +1,9 @@ +[Unit] +Description=Xvnc Server + +[Socket] +ListenStream=5901 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/xvnc@.service b/xvnc@.service new file mode 100644 index 0000000..6be8c73 --- /dev/null +++ b/xvnc@.service @@ -0,0 +1,9 @@ +[Unit] +Description=Xvnc Server + +[Service] +ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM +User=vnc +StandardInput=socket +StandardOutput=socket +StandardError=syslog