rpm/tigervnc
SHA256
1
0
Fork 0
forked from pool/tigervnc
Code Pull Requests Activity

Accepting request 530419 from X11:XOrg

Browse Source 
- u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
  * Fixes crash in x0vncserver after client disconnects.
    (bnc#1058587)

- Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc.
  (fate#323207)
- Replace java applet with novnc as web-based VNC viewer.
  (fate#323880)
- Convert xinetd services to systemd socket activated services.
  (bnc#1058460)

OBS-URL: https://build.opensuse.org/request/show/530419
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tigervnc?expand=0&rev=45
This commit is contained in:
Dominique Leuenberger 2017-10-02 14:52:23 +00:00 committed by Git OBS Bridge
commit 19a43ef6ca
10 changed files with 439 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tigervnc.changes
View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Tue Sep 26 11:53:23 UTC 2017 - msrb@suse.com
- u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
* Fixes crash in x0vncserver after client disconnects.
(bnc#1058587)
-------------------------------------------------------------------
Mon Sep 25 08:36:07 UTC 2017 - msrb@suse.com
- Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc.
(fate#323207)
- Replace java applet with novnc as web-based VNC viewer.
(fate#323880)
- Convert xinetd services to systemd socket activated services.
(bnc#1058460)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 11 14:12:30 UTC 2017 - fstrba@suse.com Mon Sep 11 14:12:30 UTC 2017 - fstrba@suse.com

146
tigervnc.spec
View File

@ -22,6 +22,8 @@
%define tlskey %{_sysconfdir}/vnc/tls.key %define tlskey %{_sysconfdir}/vnc/tls.key
%define tlscert %{_sysconfdir}/vnc/tls.cert %define tlscert %{_sysconfdir}/vnc/tls.cert
%define _unitdir %{_prefix}/lib/systemd/system
Name: tigervnc Name: tigervnc
Version: 1.8.0 Version: 1.8.0
Release: 0 Release: 0
@ -53,6 +55,7 @@ BuildRequires: libgpg-error-devel
BuildRequires: mozilla-nss BuildRequires: mozilla-nss
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: systemd-rpm-macros
BuildRequires: xmlto BuildRequires: xmlto
BuildRequires: xorg-x11-libICE-devel BuildRequires: xorg-x11-libICE-devel
BuildRequires: xorg-x11-libSM-devel BuildRequires: xorg-x11-libSM-devel
@ -101,16 +104,20 @@ Summary: A high-performance, platform-neutral implementation of VNC
License: GPL-2.0 and MIT License: GPL-2.0 and MIT
Group: System/X11/Servers/XF86_4 Group: System/X11/Servers/XF86_4
Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz
Source3: vnc.xinetd
Source4: 10-libvnc.conf Source4: 10-libvnc.conf
Source5: vnc-server.firewall Source5: vnc-server.firewall
Source6: vnc-httpd.firewall Source6: vnc-httpd.firewall
Source7: vnc_inetd_httpd Source7: vnc.reg
Source8: vnc.reg Source8: vncpasswd.arg
Source9: vncpasswd.arg Source9: vnc.pam
Source10: vnc.pam Source10: with-vnc-key.sh
Source11: with-vnc-key.sh Source11: index.vnc
Source12: index.vnc Source12: x11vnc
Source13: xvnc@.service
Source14: xvnc.socket
Source15: xvnc-novnc.service
Source16: xvnc-novnc.socket
Patch1: tigervnc-newfbsize.patch Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: u_tigervnc-ignore-epipe-on-write.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch
@ -122,6 +129,7 @@ Patch8: u_tigervnc-show-unencrypted-warning.patch
Patch9: U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch Patch9: U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch
Patch10: U_handle_certificate_verification_for_saved_certs_correctly.patch Patch10: U_handle_certificate_verification_for_saved_certs_correctly.patch
Patch11: u_tigervnc-add-autoaccept-parameter.patch Patch11: u_tigervnc-add-autoaccept-parameter.patch
Patch12: u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
%description %description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@ -135,18 +143,15 @@ Requires(post): /usr/sbin/useradd
Requires(post): /usr/sbin/groupadd Requires(post): /usr/sbin/groupadd
# Needed to generate certificates # Needed to generate certificates
Requires: openssl Requires: openssl
# Needed to serve java applet
Requires: python
Requires: python-pyOpenSSL
Requires: windowmanager Requires: windowmanager
Requires: xauth Requires: xauth
Requires: xinetd
Requires: xinit Requires: xinit
Requires: xkbcomp Requires: xkbcomp
Requires: xkeyboard-config Requires: xkeyboard-config
Requires: xorg-x11-fonts-core Requires: xorg-x11-fonts-core
# For the with-vnc-key.sh script # For the with-vnc-key.sh script
Requires: /bin/hostname Requires: /bin/hostname
%{?systemd_requires}
Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh
Summary: TigerVNC implementation of Xvnc Summary: TigerVNC implementation of Xvnc
Group: System/X11/Servers/XF86_4 Group: System/X11/Servers/XF86_4
@ -154,6 +159,29 @@ Group: System/X11/Servers/XF86_4
%description -n xorg-x11-Xvnc %description -n xorg-x11-Xvnc
This is the TigerVNC implementation of Xvnc. This is the TigerVNC implementation of Xvnc.
%package -n xorg-x11-Xvnc-novnc
Requires: novnc
Requires: python-websockify
Requires: xorg-x11-Xvnc
%{?systemd_requires}
Summary: NoVNC service for Xvnc
Group: System/X11/Servers/XF86_4
BuildArch: noarch
%description -n xorg-x11-Xvnc-novnc
A service that starts noVNC linked to Xvnc server.
%package -n xorg-x11-Xvnc-java
BuildArch: noarch
%{?systemd_requires}
Summary: VNC viewer in java
Group: System/X11/Servers/XF86_4
%description -n xorg-x11-Xvnc-java
A VNC client written in java that can be used as standalone application or as
an applet inside web page.
%package -n libXvnc1 %package -n libXvnc1
Summary: X extension to control VNC module Summary: X extension to control VNC module
Group: System/Libraries Group: System/Libraries
@ -169,6 +197,19 @@ Requires: libXvnc1 = %version
%description -n libXvnc-devel %description -n libXvnc-devel
Xvnc extension allows X clients to read and change VNC configuration. Xvnc extension allows X clients to read and change VNC configuration.
%package x11vnc
Summary: Wrapper that starts x0vncserver
Group: System/X11/Servers/XF86_4
Requires: python
Requires: xorg-x11-Xvnc
Provides: x11vnc
Conflicts: x11vnc
BuildArch: noarch
%description x11vnc
This is a wrapper that looks like x11vnc, but starts x0vncserver instead.
It maps common x11vnc arguments to x0vncserver arguments.
%prep %prep
%setup -T -b1 -q %setup -T -b1 -q
cp -r /usr/src/xserver/* unix/xserver/ cp -r /usr/src/xserver/* unix/xserver/
@ -184,6 +225,7 @@ cp -r /usr/src/xserver/* unix/xserver/
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
pushd unix/xserver pushd unix/xserver
patch -p1 < ../xserver119.patch patch -p1 < ../xserver119.patch
@ -242,36 +284,40 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes
popd popd
install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc
%ifnarch s390x %ifnarch s390x
install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf
%endif %endif
install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-server install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-server
install -D -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-httpd install -D -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-httpd
install -D -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/vnc_inetd_httpd install -D -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg
install -D -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg install -D -m 755 %{SOURCE8} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg
install -D -m 755 %{SOURCE9} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg install -D -m 644 %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/vnc
install -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/vnc install -D -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -D -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{_datadir}/vnc/classes
%if 0%{?suse_version} >= 1315 %if 0%{?suse_version} >= 1315
ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncviewer ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncviewer
ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz
%endif %endif
mkdir -p %{buildroot}%{_sbindir}
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc-novnc
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc
install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc install -D -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/vnc
install -D -m 755 %{SOURCE12} $RPM_BUILD_ROOT%{_bindir}/x11vnc
install -D %{SOURCE13} -m 0444 %{buildroot}%{_unitdir}/xvnc@.service
install -D %{SOURCE14} -m 0444 %{buildroot}%{_unitdir}/xvnc.socket
install -D %{SOURCE15} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service
install -D %{SOURCE16} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.socket
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-* rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
%find_lang '%{name}' %find_lang '%{name}'
%pre -n xorg-x11-Xvnc
getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || :
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || :
usermod -G shadow -a %{vncuser} || :
%post %post
%if 0%{?suse_version} >= 1315 %if 0%{?suse_version} >= 1315
%_sbindir/update-alternatives \ %_sbindir/update-alternatives \
@ -286,6 +332,38 @@ if [ "$1" = 0 ] ; then
fi fi
%endif %endif
%pre -n xorg-x11-Xvnc
%service_add_pre xvnc.socket
getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || :
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || :
usermod -G shadow -a %{vncuser} || :
%post -n xorg-x11-Xvnc
%service_add_post xvnc.socket
%preun -n xorg-x11-Xvnc
%service_del_preun xvnc.socket
%postun -n xorg-x11-Xvnc
%service_del_postun xvnc.socket
%pre -n xorg-x11-Xvnc-novnc
%service_add_pre xvnc-novnc.service
%service_add_pre xvnc-novnc.socket
%post -n xorg-x11-Xvnc-novnc
%service_add_post xvnc-novnc.service
%service_add_post xvnc-novnc.socket
%preun -n xorg-x11-Xvnc-novnc
%service_del_preun xvnc-novnc.service
%service_del_preun xvnc-novnc.socket
%postun -n xorg-x11-Xvnc-novnc
%service_del_postun xvnc-novnc.service
%service_del_postun xvnc-novnc.socket
%post -n libXvnc1 -p /sbin/ldconfig %post -n libXvnc1 -p /sbin/ldconfig
%postun -n libXvnc1 -p /sbin/ldconfig %postun -n libXvnc1 -p /sbin/ldconfig
@ -330,7 +408,6 @@ fi
%{_bindir}/vncpasswd.arg %{_bindir}/vncpasswd.arg
%{_bindir}/vncserver %{_bindir}/vncserver
%{_bindir}/x0vncserver %{_bindir}/x0vncserver
%{_bindir}/vnc_inetd_httpd
%exclude %{_mandir}/man1/Xserver.1* %exclude %{_mandir}/man1/Xserver.1*
%{_mandir}/man1/Xvnc.1* %{_mandir}/man1/Xvnc.1*
@ -339,6 +416,10 @@ fi
%{_mandir}/man1/vncserver.1* %{_mandir}/man1/vncserver.1*
%{_mandir}/man1/x0vncserver.1* %{_mandir}/man1/x0vncserver.1*
%{_unitdir}/xvnc@.service
%{_unitdir}/xvnc.socket
%{_sbindir}/rcxvnc
%exclude /usr/%{_lib}/xorg/protocol.txt %exclude /usr/%{_lib}/xorg/protocol.txt
%exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la %exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la
%ifnarch s390 s390x %ifnarch s390 s390x
@ -359,7 +440,6 @@ fi
%else %else
%exclude /etc/X11/xorg.conf.d %exclude /etc/X11/xorg.conf.d
%endif %endif
%config(noreplace) /etc/xinetd.d/vnc
%dir /etc/slp.reg.d %dir /etc/slp.reg.d
%config(noreplace) /etc/slp.reg.d/vnc.reg %config(noreplace) /etc/slp.reg.d/vnc.reg
@ -369,15 +449,21 @@ fi
%exclude /usr/lib/debug/.* %exclude /usr/lib/debug/.*
%exclude /usr/src/debug %exclude /usr/src/debug
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc
%dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc %dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey} %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert} %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
%{_libexecdir}/vnc %{_libexecdir}/vnc
%files -n xorg-x11-Xvnc-novnc
%{_unitdir}/xvnc-novnc.service
%{_unitdir}/xvnc-novnc.socket
%{_sbindir}/rcxvnc-novnc
%files -n xorg-x11-Xvnc-java
%doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc
%files -n libXvnc1 %files -n libXvnc1
%defattr(-,root,root) %defattr(-,root,root)
%{_libdir}/libXvnc.so.1* %{_libdir}/libXvnc.so.1*
@ -387,4 +473,8 @@ fi
%{_libdir}/libXvnc.so %{_libdir}/libXvnc.so
%{_includedir}/X11/extensions/Xvnc.h %{_includedir}/X11/extensions/Xvnc.h
%files x11vnc
%defattr(-,root,root)
%{_bindir}/x11vnc
%changelog %changelog

71
u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch Normal file
View File

@ -0,0 +1,71 @@
From b1d7c2caf496e7236fe43c69fd380fedb830a979 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Tue, 26 Sep 2017 13:45:36 +0200
Subject: [PATCH] Unset pixel buffer when x0vncserver client disconnects.
In XDesktop::start() we allocate pixel buffer and set it as the backend to the given VNCServer.
In XDesktop::stop() we deallocate the buffer, so we must unset it from the VNCServer as well.
Otherwise the VNCServer could try to access it and crash, for example in deferred update.
---
common/rfb/VNCServerST.cxx | 14 ++++----------
unix/x0vncserver/x0vncserver.cxx | 6 +++++-
2 files changed, 9 insertions(+), 11 deletions(-)
Index: tigervnc-1.8.0/common/rfb/VNCServerST.cxx
===================================================================
--- tigervnc-1.8.0.orig/common/rfb/VNCServerST.cxx
+++ tigervnc-1.8.0/common/rfb/VNCServerST.cxx
@@ -312,6 +312,8 @@ void VNCServerST::setPixelBuffer(PixelBu
screenLayout = layout;
if (!pb) {
+ stopFrameClock();
+
if (desktopStarted)
throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?");
return;
@@ -335,18 +337,10 @@ void VNCServerST::setPixelBuffer(PixelBu
void VNCServerST::setPixelBuffer(PixelBuffer* pb_)
{
- ScreenSet layout;
-
- if (!pb_) {
- if (desktopStarted)
- throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?");
- return;
- }
-
- layout = screenLayout;
+ ScreenSet layout = screenLayout;
// Check that the screen layout is still valid
- if (!layout.validate(pb_->width(), pb_->height())) {
+ if (pb_ && !layout.validate(pb_->width(), pb_->height())) {
Rect fbRect;
ScreenSet::iterator iter, iter_next;
Index: tigervnc-1.8.0/unix/x0vncserver/x0vncserver.cxx
===================================================================
--- tigervnc-1.8.0.orig/unix/x0vncserver/x0vncserver.cxx
+++ tigervnc-1.8.0/unix/x0vncserver/x0vncserver.cxx
@@ -176,7 +176,8 @@ public:
#endif
}
virtual ~XDesktop() {
- stop();
+ if (running)
+ stop();
}
inline void poll() {
@@ -223,6 +224,9 @@ public:
XDamageDestroy(dpy, damage);
#endif
+ server->setPixelBuffer(0);
+ server = 0;
+
delete pb;
pb = 0;
}

90
vnc.xinetd
View File

@ -1,90 +0,0 @@
# default: off
# description: This serves out a VNC connection which starts at a KDM login \
# prompt. This VNC connection has a resolution of 1024x768, 16bit depth.
service vnc1
{
type = UNLISTED
port = 5901
socket_type = stream
protocol = tcp
wait = no
user = vnc
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
disable = yes
}
# default: off
# description: This serves out a VNC connection which starts at a KDM login \
# prompt. This VNC connection has a resolution of 1280x1024, 16bit depth.
service vnc2
{
type = UNLISTED
port = 5902
socket_type = stream
protocol = tcp
wait = no
user = vnc
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
disable = yes
}
# default: off
# description: This serves out a VNC connection which starts at a KDM login \
# prompt. This VNC connection has a resolution of 1600x1200, 16bit depth.
service vnc3
{
type = UNLISTED
port = 5903
socket_type = stream
protocol = tcp
wait = no
user = vnc
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
disable = yes
}
# default: off
# description: This serves out the vncviewer Java applet for the VNC \
# server running on port 5901, (vnc port 1).
service vnchttpd1
{
type = UNLISTED
port = 5801
socket_type = stream
protocol = tcp
wait = no
user = vnc
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901
disable = yes
}
# default: off
# description: This serves out the vncviewer Java applet for the VNC \
# server running on port 5902, (vnc port 2).
service vnchttpd2
{
type = UNLISTED
port = 5802
socket_type = stream
protocol = tcp
wait = no
user = vnc
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902
disable = yes
}
# default: off
# description: This serves out the vncviewer Java applet for the VNC \
# server running on port 5902, (vnc port 3).
service vnchttpd3
{
type = UNLISTED
port = 5803
socket_type = stream
protocol = tcp
wait = no
user = vnc
server = /usr/lib/vnc/with-vnc-key.sh
server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903
disable = yes
}

114
vnc_inetd_httpd
View File

@ -1,114 +0,0 @@
#!/usr/bin/env python
# This is simple stupid WWW server intended to serve VNC java applet.
# It is made to be called by xinetd.
# It handles both HTTP and HTTPS on the same port. If HTTPS is allowed, any HTTP requests is responded with redirect to HTTPS.
import re
import sys
import socket
import time
from OpenSSL import SSL, crypto
TLS_KEY = "/etc/vnc/tls.key"
TLS_CERT = "/etc/vnc/tls.cert"
JAR_FILE = "/usr/share/vnc/classes/VncViewer.jar"
TIMEOUT = 10
WIDTH = int(sys.argv[1])
HEIGHT = int(sys.argv[2])
VNC_PORT = int(sys.argv[3])
USE_HTTPS = not (len(sys.argv) >= 5 and sys.argv[4] == "NoHTTPS")
# Take the stdin as our input socket (given from xinetd)
conn = sock = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM)
# If we are supposed to use HTTPS, load certificate and replace conn with SSL connection.
if USE_HTTPS:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(TLS_CERT, 'r').read())
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file(TLS_KEY)
context.use_certificate(cert)
conn = SSL.Connection(context, sock)
conn.set_accept_state()
# Send normal response
def send_response(connection, ctype, response):
connection.sendall(
"HTTP/1.0 200 OK\n" +
"Content-Type: " + ctype + "\n" +
"Content-Length: " + str(len(response)) + "\n" +
"Connection: close\n" +
"\n" +
response
)
# Send redirect
def send_redirect(connection, ctype, response, location):
connection.sendall(
"HTTP/1.0 301 Moved Permanently\n" +
"Location: " + location + "\n" +
"Content-Type: " + ctype + "\n" +
"Content-Length: " + str(len(response)) + "\n" +
"Connection: close\n" +
"\n" +
response
)
# Try to read and parse HTTP request
try:
start_time = time.time()
buffer = ''
while True:
buffer += conn.recv(1024)
if buffer.endswith("\r\n\r\n") or start_time + TIMEOUT < time.time():
break
method, url = buffer.split(" ", 2)[0:2]
if url == '/VncViewer.jar':
with open(JAR_FILE, 'r') as file:
send_response(conn, "application/octet-stream", file.read())
else:
response = \
"""<html>
<head>
<title>Remote Desktop</title>
</head>
<body>
<embed type="application/x-java-applet;version=1.6" code="com.tigervnc.vncviewer.VncViewer" archive="VncViewer.jar" width="%d" height="%d"
Port="%d"
Embed="true"
AlwaysShowServerDialog="false"
SecurityTypes="%s"
x509autoaccept="%s"
>
</body>
</html>
"""%(WIDTH, HEIGHT, VNC_PORT, 'X509None' if USE_HTTPS else 'TLSNone', cert.digest('SHA1') if USE_HTTPS else '')
send_response(conn, "text/html", response)
except SSL.Error:
# If SSL failed, it is most probably because the browser is actually trying to do normal HTTP request.
# We have now a partially consumed HTTP request in sock, let's try if we can get Host header out of it
partial_request = sock.recv(8000) # Arbitrary big number, if the request is longer than this, we will just skip the rest.
host = None
match = re.search(r"\r\nHost: ([^\r]+)\r\n", partial_request)
if match:
host = match.group(1)
if host:
# If we got host header, we can redirect nicely with HTTP 301.
send_redirect(sock, "text.html", "<html><body>Use https.</body></html>", "https://" + host)
else:
# If we don't know the host header, redirect using javascript.
send_response(sock, "text.html", "<html><head><script>document.location.protocol = 'https';</script></head><body>Use https.</body></html>")

194
x11vnc Normal file
View File

@ -0,0 +1,194 @@
#!/usr/bin/env python
# This is wrapper for x0vncserver that translate most common x11vnc arguments
# to x0vncserver's arguments
import argparse
import socket
import os
import sys
def is_port_free(port):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(('', port))
sock.close()
return True
except socket.error as e:
return False
def find_free_port(starting_port):
for port in range(starting_port, 6000):
if is_port_free(port):
return port
return None
parser = argparse.ArgumentParser(add_help=False)
parser.add_argument('-help', '-h', action='help')
parser.add_argument('--version', '-V', action='store_true')
parser.add_argument('-storepasswd', nargs=2)
parser.add_argument('-display')
parser.add_argument('-auth')
parser.add_argument('-N', action='store_true')
parser.add_argument('-rfbport', type=int)
parser.add_argument('-autoport', type=int, default=5900)
parser.add_argument('-6', dest='yes6', action='store_true')
parser.add_argument('-no6', action='store_true')
#parser.add_argument('-once', action='store_true') # TODO: Add support to x0vncserver
parser.add_argument('-forever', '-many', action='store_true')
parser.add_argument('-viewonly', action='store_true')
#parser.add_argument('-shared', action='store_true') # TODO?
parser.add_argument('-alwaysshared', action='store_true')
parser.add_argument('-nevershared', action='store_true')
parser.add_argument('-dontdisconnect', action='store_true')
#parser.add_argument('-timeout', nargs=1, type=int) # TODO?
parser.add_argument('-clip')
parser.add_argument('-deferupdate', type=int)
parser.add_argument('-noshm', action='store_true')
#parser.add_argument('-allow', nargs=1) # TODO?
#parser.add_argument('-localhost') # TODO?
parser.add_argument('-rfbauth')
parser.add_argument('-nopw', action='store_true')
parser.add_argument('-unixpw')
# Accepted, but ignored arguments
ignored_arguments = ['-v', '-verbose', '-q', '-quiet']
parser.add_argument(*ignored_arguments, dest='ignored_argument', action='store_true')
print('Warning: x11vnc is deprecated in favor of x0vncserver.')
print(' This is a wrapper that maps the most common set of x11vnc')
print(' arguments to x0vncserver arguments.')
print()
print(' Use x0vncserver directly if you want encrypted connection.')
print()
args = parser.parse_args()
# Warnings
if args.ignored_argument:
print('Warning: x11vnc wrapper accepts but ignores following arguments:')
print(', '.join(ignored_arguments))
# vncpasswd
if args.storepasswd:
(password, passwdfile) = args.storepasswd
os.execlp('vncpasswd.arg', 'vncpasswd.arg', passwdfile, password)
# x0vncserver
new_args = ['x0vncserver']
default_security_type = 'None'
security_type = default_security_type
if args.version:
new_args.append('-version')
if args.display:
new_args.append('-display')
new_args.append(args.display)
if args.auth:
os.environ['XAUTHORITY'] = args.auth
if args.N:
display = args.display or os.environ['DISPLAY']
if not display:
print('No display set')
sys.exit(1)
port = int(display.split(':')[-1]) + 5900
if is_port_free(port):
new_args.append('-rfbport')
new_args.append(str(port))
else:
print('Port %d is already used'%port)
sys.exit(1)
if args.rfbport:
new_args.append('-rfbport')
new_args.append(str(args.rfbport))
else:
port = find_free_port(args.autoport)
new_args.append('-rfbport')
new_args.append(str(port))
if args.yes6:
new_args.append('-UseIPv6')
if args.no6:
new_args.append('-UseIPv6=0')
if args.forever:
# This is default in x0vncserver
pass
if args.viewonly:
new_args.append('-AcceptKeyEvents=0')
new_args.append('-AcceptPointerEvents=0')
new_args.append('-AcceptCutText=0')
new_args.append('-AcceptSetDesktopSize=0')
if args.alwaysshared:
new_args.append('-AlwaysShared')
if args.nevershared:
new_args.append('-NeverShared')
if args.dontdisconnect:
new_args.append('-DisconnectClients=0')
else:
new_args.append('-DisconnectClients')
if args.clip:
new_args.append('-Geometry')
new_args.append(args.clip)
if args.deferupdate:
new_args.append('-DeferUpdate')
new_args.append(str(args.deferupdate))
if args.noshm:
new_args.append('-UseSHM=0')
if args.rfbauth:
security_type = 'VncAuth'
new_args.append('-PasswordFile')
new_args.append(args.rfbauth)
if args.unixpw:
security_type = 'Plain'
new_args.append('-PlainUsers')
new_args.append(args.unixpw)
new_args.append('-SecurityTypes')
new_args.append(security_type)
if not args.nopw:
# Note: This is the same warning as the original x11vnc gives
if security_type == default_security_type:
print("""
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#
#@ @#
#@ ** WARNING ** WARNING ** WARNING ** WARNING ** @#
#@ @#
#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @#
#@ @#
#@ This means anyone with network access to this computer @#
#@ may be able to view and control your desktop. @#
#@ @#
#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @#
#@ @#
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#
""")
os.execvp('x0vncserver', new_args)

10
xvnc-novnc.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=noVNC Web Server
Requires=xvnc.socket
After=xvnc.socket
[Service]
ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/websockify --key /etc/vnc/tls.key --cert /etc/vnc/tls.cert --web /usr/share/novnc --inetd localhost:5901
User=vnc
StandardInput=socket
StandardError=syslog

9
xvnc-novnc.socket Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=noVNC Web Server
[Socket]
ListenStream=5801
Accept=False
[Install]
WantedBy=sockets.target

9
xvnc.socket Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Xvnc Server
[Socket]
ListenStream=5901
Accept=yes
[Install]
WantedBy=sockets.target

9
xvnc@.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Xvnc Server
[Service]
ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
User=vnc
StandardInput=socket
StandardOutput=socket
StandardError=syslog