packages/gnome-remote-desktop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add 2 patch to fix core-dump when start gnome-remote-desktop.service

Browse Source 
(cherry picked from commit b289adfe66e14e65f55b2aa837db24a0db4cc81f)
This commit is contained in:
dwl301 2021-09-27 12:58:42 +08:00 committed by openeuler-sync-bot
parent 8b32e45e44
commit 415163783c
4 changed files with 809 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

731
0001-vnc-Add-anonymous-TLS-encryption-support.patch
View File

@ -1,7 +1,7 @@
From fcfef86768d3dc63a2e7da799beb011800dff2ad Mon Sep 17 00:00:00 2001
From 546151b4e15fd45901f38172435cd9aa63893727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Thu, 14 Jun 2018 12:21:37 +0200
Subject: [PATCH] vnc: Add anonymous TLS encryption support
Subject: [PATCH 1/6] vnc: Add anonymous TLS encryption support
Add support for encrypting the VNC connection using anonymous TLS. In
effect this means that the channel is encrypted using TLS but that no
@ -12,14 +12,14 @@ VNC connection.
meson.build | 1 +
src/grd-enums.h | 6 +
src/grd-session-vnc.c | 98 +++-
src/grd-session-vnc.h | 16 +
src/grd-settings.c | 27 ++
src/grd-session-vnc.h | 15 +
src/grd-settings.c | 28 ++
src/grd-settings.h | 2 +
src/grd-vnc-server.c | 45 ++
src/grd-vnc-tls.c | 444 ++++++++++++++++++
src/grd-vnc-tls.h | 28 ++
src/meson.build | 5 +-
...g.gnome.desktop.remote-desktop.gschema.xml | 10 +
...nome.desktop.remote-desktop.gschema.xml.in | 10 +
11 files changed, 666 insertions(+), 16 deletions(-)
create mode 100644 src/grd-vnc-tls.c
create mode 100644 src/grd-vnc-tls.h
@ -33,7 +33,7 @@ index af423a4..813c97f 100644
libnotify_dep = dependency('libnotify')
winpr_dep = dependency('winpr2', version: freerdp_req)
+gnutls_dep = dependency('gnutls')
cdata = configuration_data()
cdata.set_quoted('GETTEXT_PACKAGE', 'gnome-remote-desktop')
diff --git a/src/grd-enums.h b/src/grd-enums.h
@ -43,7 +43,7 @@ index ffab821..4333863 100644
@@ -27,4 +27,10 @@ typedef enum
GRD_VNC_AUTH_METHOD_PASSWORD
} GrdVncAuthMethod;
+typedef enum
+{
+ GRD_VNC_ENCRYPTION_NONE = 1 << 0,
@ -52,23 +52,23 @@ index ffab821..4333863 100644
+
#endif /* GRD_ENUMS_H */
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 813838a..4bfb46e 100644
index a06d34d..d014315 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -44,7 +44,9 @@ struct _GrdSessionVnc
{
GrdSession parent;
+ GrdVncServer *vnc_server;
GSocketConnection *connection;
+ GList *socket_grabs;
GSource *source;
rfbScreenInfoPtr rfb_screen;
rfbClientPtr rfb_client;
@@ -511,12 +513,30 @@ check_rfb_password (rfbClientPtr rfb_client,
@@ -518,12 +520,30 @@ check_rfb_password (rfbClientPtr rfb_client,
}
}
+int
+grd_session_vnc_get_fd (GrdSessionVnc *session_vnc)
+{
@ -80,7 +80,7 @@ index 813838a..4bfb46e 100644
{
return session_vnc->rfb_screen->paddedWidthInBytes;
}
+rfbClientPtr
+grd_session_vnc_get_rfb_client (GrdSessionVnc *session_vnc)
+{
@ -96,10 +96,10 @@ index 813838a..4bfb46e 100644
static void
init_vnc_session (GrdSessionVnc *session_vnc)
{
@@ -557,33 +577,74 @@ init_vnc_session (GrdSessionVnc *session_vnc)
@@ -564,33 +584,74 @@ init_vnc_session (GrdSessionVnc *session_vnc)
rfbProcessEvents (rfb_screen, 0);
}
+void
+grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
+ GrdVncSocketGrabFunc grab_func)
@ -145,7 +145,7 @@ index 813838a..4bfb46e 100644
- GrdSessionVnc *session_vnc = user_data;
+ GrdSessionVnc *session_vnc = GRD_SESSION_VNC (user_data);
+ GrdSession *session = GRD_SESSION (session_vnc);
- if (condition & G_IO_IN)
+ if (condition & (G_IO_ERR | G_IO_HUP))
+ {
@ -164,7 +164,7 @@ index 813838a..4bfb46e 100644
{
- rfbProcessEvents (session_vnc->rfb_screen, 0);
+ g_warning ("Error when reading socket: %s", error->message);
- if (session_vnc->pending_framebuffer_resize &&
- session_vnc->rfb_client->preferredEncoding != -1)
- {
@ -173,7 +173,7 @@ index 813838a..4bfb46e 100644
- session_vnc->pending_framebuffer_height);
- session_vnc->pending_framebuffer_resize = FALSE;
- }
+ grd_session_stop (session);
+ grd_session_stop (session);
}
}
else
@ -183,10 +183,10 @@ index 813838a..4bfb46e 100644
+ g_warning ("Unhandled socket condition %d\n", condition);
+ g_assert_not_reached ();
}
return G_SOURCE_CONTINUE;
@@ -596,7 +657,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc)
@@ -603,7 +664,10 @@ grd_session_vnc_attach_source (GrdSessionVnc *session_vnc)
socket = g_socket_connection_get_socket (session_vnc->connection);
session_vnc->source = g_socket_create_source (socket,
- G_IO_IN | G_IO_PRI,
@ -197,48 +197,50 @@ index 813838a..4bfb46e 100644
NULL);
g_source_set_callback (session_vnc->source,
(GSourceFunc) handle_socket_data,
@@ -622,8 +686,10 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
@@ -629,8 +693,10 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
"context", context,
NULL);
+ session_vnc->vnc_server = vnc_server;
session_vnc->connection = g_object_ref (connection);
+ grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func);
grd_session_vnc_attach_source (session_vnc);
init_vnc_session (session_vnc);
@@ -638,6 +704,8 @@ grd_session_vnc_dispose (GObject *object)
@@ -645,6 +711,8 @@ grd_session_vnc_dispose (GObject *object)
g_assert (!session_vnc->rfb_screen);
+ g_clear_pointer (&session_vnc->socket_grabs, g_list_free);
+
g_clear_pointer (&session_vnc->pressed_keys, g_hash_table_unref);
G_OBJECT_CLASS (grd_session_vnc_parent_class)->dispose (object);
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index 579a12a..912dfef 100644
index 07678c8..bba3d56 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -36,6 +36,9 @@ G_DECLARE_FINAL_TYPE (GrdSessionVnc,
GRD, SESSION_VNC,
GrdSession);
+typedef gboolean (* GrdVncSocketGrabFunc) (GrdSessionVnc *session_vnc,
+ GError **error);
+
GrdSessionVnc *grd_session_vnc_new (GrdVncServer *vnc_server,
GSocketConnection *connection);
@@ -55,6 +58,18 @@ void grd_session_vnc_move_cursor (GrdSessionVnc *session_vnc,
@@ -55,8 +58,20 @@ void grd_session_vnc_move_cursor (GrdSessionVnc *session_vnc,
int x,
int y);
+int grd_session_vnc_get_fd (GrdSessionVnc *session_vnc);
+
int grd_session_vnc_get_framebuffer_stride (GrdSessionVnc *session_vnc);
gboolean grd_session_vnc_is_client_gone (GrdSessionVnc *session_vnc);
+rfbClientPtr grd_session_vnc_get_rfb_client (GrdSessionVnc *session_vnc);
+
+void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
@ -251,21 +253,21 @@ index 579a12a..912dfef 100644
+
#endif /* GRD_SESSION_VNC_H */
diff --git a/src/grd-settings.c b/src/grd-settings.c
index 3af87be..1c7dc4b 100644
index 3af87be..f37f2da 100644
--- a/src/grd-settings.c
+++ b/src/grd-settings.c
@@ -59,6 +59,7 @@ struct _GrdSettings
GSettings *settings;
@@ -60,6 +60,7 @@ struct _GrdSettings
gboolean view_only;
GrdVncAuthMethod auth_method;
+ GrdVncEncryption encryption;
int port;
+ GrdVncEncryption encryption;
} vnc;
};
@@ -253,6 +254,12 @@ update_rdp_view_only (GrdSettings *settings)
"view-only");
@@ -232,6 +233,12 @@ grd_settings_get_vnc_auth_method (GrdSettings *settings)
return settings->vnc.auth_method;
}
+GrdVncEncryption
+grd_settings_get_vnc_encryption (GrdSettings *settings)
+{
@ -273,12 +275,12 @@ index 3af87be..1c7dc4b 100644
+}
+
static void
update_vnc_view_only (GrdSettings *settings)
update_rdp_tls_cert (GrdSettings *settings)
{
@@ -289,6 +296,13 @@ on_rdp_settings_changed (GSettings *rdp_settings,
}
@@ -267,6 +274,13 @@ update_vnc_auth_method (GrdSettings *settings)
"auth-method");
}
+static void
+update_vnc_encryption (GrdSettings *settings)
+{
@ -287,7 +289,7 @@ index 3af87be..1c7dc4b 100644
+}
+
static void
on_vnc_settings_changed (GSettings *vnc_settings,
on_rdp_settings_changed (GSettings *rdp_settings,
const char *key,
@@ -304,6 +318,11 @@ on_vnc_settings_changed (GSettings *vnc_settings,
update_vnc_auth_method (settings);
@ -299,17 +301,18 @@ index 3af87be..1c7dc4b 100644
+ g_signal_emit (settings, signals[VNC_ENCRYPTION_CHANGED], 0);
+ }
}
static void
@@ -332,6 +351,7 @@ grd_settings_init (GrdSettings *settings)
update_rdp_view_only (settings);
update_vnc_view_only (settings);
update_vnc_auth_method (settings);
+ update_vnc_encryption (settings);
@@ -335,6 +354,8 @@ grd_settings_init (GrdSettings *settings)
settings->rdp.port = GRD_RDP_SERVER_PORT;
settings->vnc.port = GRD_VNC_SERVER_PORT;
@@ -379,4 +399,11 @@ grd_settings_class_init (GrdSettingsClass *klass)
+
+ update_vnc_encryption (settings);
}
static void
@@ -379,4 +400,11 @@ grd_settings_class_init (GrdSettingsClass *klass)
0,
NULL, NULL, NULL,
G_TYPE_NONE, 0);
@ -326,28 +329,34 @@ index e12e47e..b940fdb 100644
--- a/src/grd-settings.h
+++ b/src/grd-settings.h
@@ -64,4 +64,6 @@ gboolean grd_settings_get_vnc_view_only (GrdSettings *settings);
GrdVncAuthMethod grd_settings_get_vnc_auth_method (GrdSettings *settings);
+GrdVncEncryption grd_settings_get_vnc_encryption (GrdSettings *settings);
+
#endif /* GRD_SETTINGS_H */
diff --git a/src/grd-vnc-server.c b/src/grd-vnc-server.c
index a6d95cb..98b23c9 100644
index a6d95cb..f9c68db 100644
--- a/src/grd-vnc-server.c
+++ b/src/grd-vnc-server.c
@@ -29,6 +29,7 @@
@@ -24,11 +24,13 @@
#include "grd-vnc-server.h"
+#include <rfb/rfb.h>
#include <gio/gio.h>
#include <rfb/rfb.h>
#include "grd-context.h"
#include "grd-session-vnc.h"
+#include "grd-vnc-tls.h"
enum
@@ -130,6 +131,43 @@ on_incoming (GSocketService *service,
@@ -130,6 +132,43 @@ on_incoming (GSocketService *service,
return TRUE;
}
+static void
+sync_encryption_settings (GrdVncServer *vnc_server)
+{
@ -388,17 +397,17 @@ index a6d95cb..98b23c9 100644
gboolean
grd_vnc_server_start (GrdVncServer *vnc_server,
GError **error)
@@ -220,12 +258,18 @@ static void
@@ -220,12 +259,18 @@ static void
grd_vnc_server_constructed (GObject *object)
{
GrdVncServer *vnc_server = GRD_VNC_SERVER (object);
+ GrdSettings *settings = grd_context_get_settings (vnc_server->context);
if (grd_context_get_debug_flags (vnc_server->context) & GRD_DEBUG_VNC)
rfbLogEnable (1);
else
rfbLogEnable (0);
+ g_signal_connect (settings, "vnc-encryption-changed",
+ G_CALLBACK (on_vnc_encryption_changed),
+ vnc_server);
@ -406,13 +415,13 @@ index a6d95cb..98b23c9 100644
+
G_OBJECT_CLASS (grd_vnc_server_parent_class)->constructed (object);
}
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
new file mode 100644
index 0000000..a77b91f
index 0000000..ec4758e
--- /dev/null
+++ b/src/grd-vnc-tls.c
@@ -0,0 +1,445 @@
@@ -0,0 +1,444 @@
+/*
+ * Copyright (C) 2018 Red Hat Inc.
+ *
@ -586,7 +595,7 @@ index 0000000..a77b91f
+grd_vnc_tls_session_free (GrdVncTlsSession *tls_session)
+{
+ g_clear_pointer (&tls_session->peek_buffer, g_free);
+ g_clear_pointer (&tls_session->tls_session, (GDestroyNotify) gnutls_deinit);
+ g_clear_pointer (&tls_session->tls_session, gnutls_deinit);
+ g_free (tls_session);
+}
+
@ -857,7 +866,6 @@ index 0000000..a77b91f
+{
+ return &anon_tls_security_handler;
+}
+
diff --git a/src/grd-vnc-tls.h b/src/grd-vnc-tls.h
new file mode 100644
index 0000000..135ef8c
@ -893,7 +901,7 @@ index 0000000..135ef8c
+
+#endif /* GRD_VNC_TLS_H */
diff --git a/src/meson.build b/src/meson.build
index 1b6425d..2b8aeea 100644
index 1b6425d..17579b1 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -33,6 +33,8 @@ daemon_sources = files([
@ -903,18 +911,581 @@ index 1b6425d..2b8aeea 100644
+ 'grd-vnc-tls.c',
+ 'grd-vnc-tls.h',
])
gen_daemon_sources = []
@@ -65,7 +67,8 @@ executable('gnome-remote-desktop-daemon',
pipewire_dep,
@@ -66,7 +68,8 @@ executable('gnome-remote-desktop-daemon',
libvncserver_dep,
libsecret_dep,
- libnotify_dep,
+ libnotify_dep,
+ gnutls_dep,
winpr_dep],
libnotify_dep,
- winpr_dep],
+ winpr_dep,
+ gnutls_dep],
include_directories: [configinc],
install: true,
install_dir: libexecdir)
diff --git a/src/org.gnome.desktop.remote-desktop.gschema.xml.in b/src/org.gnome.desktop.remote-desktop.gschema.xml.in
index 4b6e593..0086d99 100644
--- a/src/org.gnome.desktop.remote-desktop.gschema.xml.in
+++ b/src/org.gnome.desktop.remote-desktop.gschema.xml.in
@@ -49,5 +49,15 @@
* password - by requiring the remote client to provide a known password
</description>
</key>
+ <key name='encryption' flags='org.gnome.desktop.remote-desktop.GrdVncEncryption'>
+ <default>['tls-anon']</default>
+ <summary>Allowed encryption method to use</summary>
+ <description>
+ Allowed encryption methods. Includes the following:
+
+ * none - no encryption
+ * tls-anon - anonymous (unauthenticated) TLS
+ </description>
+ </key>
</schema>
</schemalist>
--
2.17.1
2.26.2
From 2e46518f421fd8704770bb6742accfacba3570aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:02:09 +0100
Subject: [PATCH 2/6] session-vnc: Add paused/resumed signals
Paused is when the socket sourec is detached, and resumed when attached.
Meant to be used by the TLS channel security to a attach/detach
out-of-socket source.
---
src/grd-session-vnc.c | 72 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 65 insertions(+), 7 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index d014315..7edd407 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -40,14 +40,27 @@
#define BGRX_SAMPLES_PER_PIXEL 3
#define BGRX_BYTES_PER_PIXEL 4
+enum
+{
+ PAUSED,
+ RESUMED,
+
+ N_SIGNALS
+};
+
+static guint signals[N_SIGNALS];
+
struct _GrdSessionVnc
{
GrdSession parent;
GrdVncServer *vnc_server;
GSocketConnection *connection;
+
GList *socket_grabs;
GSource *source;
+ gboolean is_paused;
+
rfbScreenInfoPtr rfb_screen;
rfbClientPtr rfb_client;
@@ -73,7 +86,7 @@ struct _GrdSessionVnc
G_DEFINE_TYPE (GrdSessionVnc, grd_session_vnc, GRD_TYPE_SESSION);
static void
-grd_session_vnc_detach_source (GrdSessionVnc *session_vnc);
+grd_session_vnc_pause (GrdSessionVnc *session_vnc);
static gboolean
close_session_idle (gpointer user_data);
@@ -224,7 +237,8 @@ handle_client_gone (rfbClientPtr rfb_client)
g_debug ("VNC client gone");
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
+
maybe_queue_close_session_idle (session_vnc);
session_vnc->rfb_client = NULL;
}
@@ -293,7 +307,7 @@ handle_new_client (rfbClientPtr rfb_client)
session_vnc->prompt_cancellable,
prompt_response_callback,
session_vnc);
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
return RFB_CLIENT_ON_HOLD;
case GRD_VNC_AUTH_METHOD_PASSWORD:
session_vnc->rfb_screen->passwordCheck = check_rfb_password;
@@ -511,7 +525,7 @@ check_rfb_password (rfbClientPtr rfb_client,
if (memcmp (challenge_encrypted, response_encrypted, len) == 0)
{
grd_session_start (GRD_SESSION (session_vnc));
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
return TRUE;
}
else
@@ -681,6 +695,36 @@ grd_session_vnc_detach_source (GrdSessionVnc *session_vnc)
g_clear_pointer (&session_vnc->source, g_source_destroy);
}
+gboolean
+grd_session_vnc_is_paused (GrdSessionVnc *session_vnc)
+{
+ return session_vnc->is_paused;
+}
+
+static void
+grd_session_vnc_pause (GrdSessionVnc *session_vnc)
+{
+ if (grd_session_vnc_is_paused (session_vnc))
+ return;
+
+ session_vnc->is_paused = TRUE;
+
+ grd_session_vnc_detach_source (session_vnc);
+ g_signal_emit (session_vnc, signals[PAUSED], 0);
+}
+
+static void
+grd_session_vnc_resume (GrdSessionVnc *session_vnc)
+{
+ if (!grd_session_vnc_is_paused (session_vnc))
+ return;
+
+ session_vnc->is_paused = FALSE;
+
+ grd_session_vnc_attach_source (session_vnc);
+ g_signal_emit (session_vnc, signals[RESUMED], 0);
+}
+
GrdSessionVnc *
grd_session_vnc_new (GrdVncServer *vnc_server,
GSocketConnection *connection)
@@ -698,6 +742,7 @@ grd_session_vnc_new (GrdVncServer *vnc_server,
grd_session_vnc_grab_socket (session_vnc, vnc_socket_grab_func);
grd_session_vnc_attach_source (session_vnc);
+ session_vnc->is_paused = FALSE;
init_vnc_session (session_vnc);
@@ -727,7 +772,7 @@ grd_session_vnc_stop (GrdSession *session)
g_clear_object (&session_vnc->pipewire_stream);
- grd_session_vnc_detach_source (session_vnc);
+ grd_session_vnc_pause (session_vnc);
g_clear_object (&session_vnc->connection);
g_clear_pointer (&session_vnc->rfb_screen->frameBuffer, g_free);
@@ -783,8 +828,8 @@ grd_session_vnc_stream_ready (GrdSession *session,
G_CALLBACK (on_pipewire_stream_closed),
session_vnc);
- if (!session_vnc->source)
- grd_session_vnc_attach_source (session_vnc);
+ if (grd_session_vnc_is_paused (session_vnc))
+ grd_session_vnc_resume (session_vnc);
}
static void
@@ -803,4 +848,17 @@ grd_session_vnc_class_init (GrdSessionVncClass *klass)
session_class->stop = grd_session_vnc_stop;
session_class->stream_ready = grd_session_vnc_stream_ready;
+
+ signals[PAUSED] = g_signal_new ("paused",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+ signals[RESUMED] = g_signal_new ("resumed",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
}
--
2.26.2
From b59c36ccf73939d32ccf5ab4eb47460a9fe415f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:03:46 +0100
Subject: [PATCH 3/6] session-vnc: Add grd_session_vnc_dispatch() helper
To be used by the TLS channel security to dispatch when there is data
available that is not visible to the socket source.
---
src/grd-session-vnc.c | 26 ++++++++++++++++----------
src/grd-session-vnc.h | 2 ++
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 7edd407..29c94a1 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -635,6 +635,21 @@ vnc_socket_grab_func (GrdSessionVnc *session_vnc,
return TRUE;
}
+void
+grd_session_vnc_dispatch (GrdSessionVnc *session_vnc)
+{
+ GrdVncSocketGrabFunc grab_func;
+ g_autoptr (GError) error = NULL;
+
+ grab_func = g_list_first (session_vnc->socket_grabs)->data;
+ if (!grab_func (session_vnc, &error))
+ {
+ g_warning ("Error when reading socket: %s", error->message);
+
+ grd_session_stop (GRD_SESSION (session_vnc));
+ }
+}
+
static gboolean
handle_socket_data (GSocket *socket,
GIOCondition condition,
@@ -651,16 +666,7 @@ handle_socket_data (GSocket *socket,
}
else if (condition & G_IO_IN)
{
- GrdVncSocketGrabFunc grab_func;
- g_autoptr (GError) error = NULL;
-
- grab_func = g_list_first (session_vnc->socket_grabs)->data;
- if (!grab_func (session_vnc, &error))
- {
- g_warning ("Error when reading socket: %s", error->message);
-
- grd_session_stop (session);
- }
+ grd_session_vnc_dispatch (session_vnc);
}
else
{
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index bba3d56..58f635c 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -72,6 +72,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc,
GrdVncSocketGrabFunc grab_func);
+void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc);
+
GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
#endif /* GRD_SESSION_VNC_H */
--
2.26.2
From 966b2ddbd1c03c9e20dc66e5ea9a2dfb39ba4bfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:05:13 +0100
Subject: [PATCH 4/6] vnc/tls: Add some logging
Uses the log utility from libvncserver as it is related to the RFB
protocol rather than the session itself.
---
src/grd-vnc-tls.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
index ec4758e..ac6c35f 100644
--- a/src/grd-vnc-tls.c
+++ b/src/grd-vnc-tls.c
@@ -67,6 +67,7 @@ grd_vnc_tls_context_new (void)
tls_context = g_new0 (GrdVncTlsContext, 1);
+ rfbLog ("TLS: Initializing gnutls context\n");
gnutls_global_init ();
gnutls_anon_allocate_server_credentials (&tls_context->anon_credentials);
@@ -127,6 +128,7 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session,
ret = gnutls_handshake (tls_session->tls_session);
if (ret != GNUTLS_E_SUCCESS && !gnutls_error_is_fatal (ret))
{
+ rfbLog ("TLS: More handshake pending\n");
tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_DURING;
return TRUE;
}
@@ -140,6 +142,8 @@ perform_anon_tls_handshake (GrdVncTlsSession *tls_session,
return FALSE;
}
+ rfbLog ("TLS: Handshake finished");
+
tls_session->handshake_state = GRD_TLS_HANDSHAKE_STATE_FINISHED;
return TRUE;
}
@@ -373,6 +377,7 @@ perform_handshake (GrdSessionVnc *session_vnc,
break;
case GRD_TLS_HANDSHAKE_STATE_FINISHED:
grd_session_vnc_ungrab_socket (session_vnc, tls_handshake_grab_func);
+ rfbLog ("TLS: Sending post-channel security security list\n");
rfbSendSecurityTypeList (grd_session_vnc_get_rfb_client (session_vnc),
RFB_SECURITY_TAG_CHANNEL);
break;
@@ -387,6 +392,7 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc,
{
g_autoptr (GError) handshake_error = NULL;
+ rfbLog ("TLS: Continuing handshake\n");
if (!perform_handshake (session_vnc, &handshake_error))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
@@ -404,6 +410,8 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
GrdVncTlsSession *tls_session;
g_autoptr(GError) error = NULL;
+ rfbLog ("TLS: Setting up rfbClient for gnutls encrypted traffic\n");
+
tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
if (!tls_session)
{
@@ -424,6 +432,7 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func);
}
+ rfbLog ("TLS: Performing handshake\n");
if (!perform_handshake (session_vnc, &error))
{
g_warning ("TLS handshake failed: %s", error->message);
--
2.26.2
From e01d27dc9911f4d7ecfd232c7e389f4dabfd87de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 11:07:40 +0100
Subject: [PATCH 5/6] vnc/tls: Dispatch also when data is pending outside of
the socket
gnutls may have data available in its buffers, and we have our own peek
buffer temporarly storing data later to be processed. This would missed
by the socket source, as it wouldn't get any notification about it from
epoll(). Deal with this by adding a custom source that dispatches as
long as there is data to read in those buffers.
---
src/grd-session-vnc.h | 2 +
src/grd-vnc-tls.c | 90 ++++++++++++++++++++++++++++++++++++++++---
2 files changed, 86 insertions(+), 6 deletions(-)
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index 58f635c..0d01ad3 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -72,6 +72,8 @@ void grd_session_vnc_grab_socket (GrdSessionVnc *session_vnc,
void grd_session_vnc_ungrab_socket (GrdSessionVnc *session_vnc,
GrdVncSocketGrabFunc grab_func);
+gboolean grd_session_vnc_is_paused (GrdSessionVnc *session_vnc);
+
void grd_session_vnc_dispatch (GrdSessionVnc *session_vnc);
GrdVncServer * grd_session_vnc_get_vnc_server (GrdSessionVnc *session_vnc);
diff --git a/src/grd-vnc-tls.c b/src/grd-vnc-tls.c
index ac6c35f..312b6b9 100644
--- a/src/grd-vnc-tls.c
+++ b/src/grd-vnc-tls.c
@@ -41,6 +41,12 @@ typedef enum _GrdTlsHandshakeState
GRD_TLS_HANDSHAKE_STATE_FINISHED
} GrdTlsHandshakeState;
+typedef struct _PeekBufferSource
+{
+ GSource parent;
+ GrdSessionVnc *session_vnc;
+} PeekBufferSource;
+
typedef struct _GrdVncTlsSession
{
GrdVncTlsContext *tls_context;
@@ -53,6 +59,8 @@ typedef struct _GrdVncTlsSession
char *peek_buffer;
int peek_buffer_size;
int peek_buffer_len;
+
+ GSource *peek_buffer_source;
} GrdVncTlsSession;
static gboolean
@@ -299,13 +307,9 @@ grd_vnc_tls_peek_at_socket (rfbClientPtr rfb_client,
return peekable_len;
}
-static rfbBool
-grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
+static gboolean
+grd_vnc_tls_session_has_pending_data (GrdVncTlsSession *tls_session)
{
- GrdSessionVnc *session_vnc = rfb_client->screen->screenData;
- GrdVncTlsSession *tls_session =
- grd_vnc_tls_session_from_vnc_session (session_vnc);
-
if (tls_session->peek_buffer_len > 0)
return TRUE;
@@ -315,6 +319,16 @@ grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
return FALSE;
}
+static rfbBool
+grd_vnc_tls_has_pending_on_socket (rfbClientPtr rfb_client)
+{
+ GrdSessionVnc *session_vnc = rfb_client->screen->screenData;
+ GrdVncTlsSession *tls_session =
+ grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ return grd_vnc_tls_session_has_pending_data (tls_session);
+}
+
static int
grd_vnc_tls_write_to_socket (rfbClientPtr rfb_client,
const char *buf,
@@ -403,6 +417,62 @@ tls_handshake_grab_func (GrdSessionVnc *session_vnc,
return TRUE;
}
+static gboolean
+peek_buffer_source_prepare (GSource *source,
+ int *timeout)
+{
+ PeekBufferSource *psource = (PeekBufferSource *) source;
+ GrdSessionVnc *session_vnc = psource->session_vnc;
+ GrdVncTlsSession *tls_session =
+ grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ return grd_vnc_tls_session_has_pending_data (tls_session);
+}
+
+static gboolean
+peek_buffer_source_dispatch (GSource *source,
+ GSourceFunc callback,
+ gpointer user_data)
+{
+ PeekBufferSource *psource = (PeekBufferSource *) source;
+ GrdSessionVnc *session_vnc = psource->session_vnc;
+
+ grd_session_vnc_dispatch (session_vnc);
+
+ return G_SOURCE_CONTINUE;
+}
+
+static GSourceFuncs peek_buffer_source_funcs = {
+ .prepare = peek_buffer_source_prepare,
+ .dispatch = peek_buffer_source_dispatch,
+};
+
+static void
+attach_peek_buffer_source (GrdSessionVnc *session_vnc)
+{
+ GrdVncTlsSession *tls_session;
+
+ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
+ tls_session->peek_buffer_source = g_source_new (&peek_buffer_source_funcs,
+ sizeof (PeekBufferSource));
+ ((PeekBufferSource *) tls_session->peek_buffer_source)->session_vnc =
+ session_vnc;
+ g_source_set_priority (tls_session->peek_buffer_source,
+ G_PRIORITY_DEFAULT + 1);
+
+ g_source_attach (tls_session->peek_buffer_source, NULL);
+}
+
+static void
+detach_peek_buffer_source (GrdSessionVnc *session_vnc)
+{
+ GrdVncTlsSession *tls_session;
+
+ tls_session = grd_vnc_tls_session_from_vnc_session (session_vnc);
+
+ g_clear_pointer (&tls_session->peek_buffer_source, g_source_destroy);
+}
+
static void
rfb_tls_security_handler (rfbClientPtr rfb_client)
{
@@ -429,6 +499,14 @@ rfb_tls_security_handler (rfbClientPtr rfb_client)
rfb_client->hasPendingOnSocket = grd_vnc_tls_has_pending_on_socket;
rfb_client->writeToSocket = grd_vnc_tls_write_to_socket;
+ if (!grd_session_vnc_is_paused (session_vnc))
+ attach_peek_buffer_source (session_vnc);
+
+ g_signal_connect (session_vnc, "paused",
+ G_CALLBACK (detach_peek_buffer_source), NULL);
+ g_signal_connect (session_vnc, "resumed",
+ G_CALLBACK (attach_peek_buffer_source), NULL);
+
grd_session_vnc_grab_socket (session_vnc, tls_handshake_grab_func);
}
--
2.26.2
From 682f3b4a8e985f00a00e761a086a15cb5e2b9b04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 27 Nov 2019 16:48:00 +0100
Subject: [PATCH 6/6] session-vnc: Set our own password handling function up
front
libvncserver decides whether to register a auth security handler
depending on whether the password data is set or not. When we use the
prompt auth method, we don't want to ask for password, so set the
password data to NULL.
Also, to be a bit more in control of the password mechanism, always set
the password function up front, instead of just when the client uses the
password prompt.
---
src/grd-session-vnc.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 29c94a1..ebe1540 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -91,11 +91,6 @@ grd_session_vnc_pause (GrdSessionVnc *session_vnc);
static gboolean
close_session_idle (gpointer user_data);
-static rfbBool
-check_rfb_password (rfbClientPtr rfb_client,
- const char *response_encrypted,
- int len);
-
static void
swap_uint8 (uint8_t *a,
uint8_t *b)
@@ -310,7 +305,6 @@ handle_new_client (rfbClientPtr rfb_client)
grd_session_vnc_pause (session_vnc);
return RFB_CLIENT_ON_HOLD;
case GRD_VNC_AUTH_METHOD_PASSWORD:
- session_vnc->rfb_screen->passwordCheck = check_rfb_password;
/*
* authPasswdData needs to be non NULL in libvncserver to trigger
* password authentication.
@@ -594,6 +588,8 @@ init_vnc_session (GrdSessionVnc *session_vnc)
rfb_screen->frameBuffer = g_malloc0 (screen_width * screen_height * 4);
memset (rfb_screen->frameBuffer, 0x1f, screen_width * screen_height * 4);
+ rfb_screen->passwordCheck = check_rfb_password;
+
rfbInitServer (rfb_screen);
rfbProcessEvents (rfb_screen, 0);
}
--
2.26.2

71
0001-vnc-Copy-pixels-using-the-right-destination-stride.patch Normal file
View File

@ -0,0 +1,71 @@
From 81172effba7c70d3b2932c67be79a2924eae9d73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 12 Oct 2020 17:34:30 +0200
Subject: [PATCH] vnc: Copy pixels using the right destination stride
We're copying the pixels in a separate thread managed by PipeWire, and
in this thread, accessing the VNC framebuffer dimension and stride is
racy. Instead of fetching the dimension directly, pass the expected
width and get the stride it will eventually have.
Already before this patch, when the copied pixel end up on the main
thread and the dimension still doesn't match up, the frame will be
dropped.
---
src/grd-session-vnc.c | 5 +++--
src/grd-session-vnc.h | 3 ++-
src/grd-vnc-pipewire-stream.c | 5 +++--
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 69fb33d..f4835aa 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -535,9 +535,10 @@ grd_session_vnc_get_fd (GrdSessionVnc *session_vnc)
}
int
-grd_session_vnc_get_framebuffer_stride (GrdSessionVnc *session_vnc)
+grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
+ int width)
{
- return session_vnc->rfb_screen->paddedWidthInBytes;
+ return width * BGRX_BYTES_PER_PIXEL;
}
rfbClientPtr
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index 0d01ad3..ccd046c 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -60,7 +60,8 @@ void grd_session_vnc_move_cursor (GrdSessionVnc *session_vnc,
int grd_session_vnc_get_fd (GrdSessionVnc *session_vnc);
-int grd_session_vnc_get_framebuffer_stride (GrdSessionVnc *session_vnc);
+int grd_session_vnc_get_stride_for_width (GrdSessionVnc *session_vnc,
+ int width);
gboolean grd_session_vnc_is_client_gone (GrdSessionVnc *session_vnc);
diff --git a/src/grd-vnc-pipewire-stream.c b/src/grd-vnc-pipewire-stream.c
index 96dd7c9..82ceb9b 100644
--- a/src/grd-vnc-pipewire-stream.c
+++ b/src/grd-vnc-pipewire-stream.c
@@ -326,10 +326,11 @@ process_buffer (GrdVncPipeWireStream *stream,
int height;
int y;
- src_stride = buffer->datas[0].chunk->stride;
- dst_stride = grd_session_vnc_get_framebuffer_stride (stream->session);
height = stream->spa_format.size.height;
width = stream->spa_format.size.width;
+ src_stride = buffer->datas[0].chunk->stride;
+ dst_stride = grd_session_vnc_get_stride_for_width (stream->session,
+ width);
frame->data = g_malloc (height * dst_stride);
for (y = 0; y < height; y++)
--
2.28.0

80
0001-vnc-Drop-frames-if-client-is-gone.patch Normal file
View File

@ -0,0 +1,80 @@
From ab97841629f5f3f4fab9993b6255b6ae04828b9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Wed, 9 Sep 2020 10:14:20 +0200
Subject: [PATCH] vnc: Drop frames if client is gone
Frames from PipeWire are posted asynchronously from a I/O thread to the
main thread where they are turned into VNC frame updates and cursor
movements. On the other hand, sessions are closed asynchronously when
the VNC client disappears. If a frame ended up on the main thread after
a client disappeared but before the session and stream was closed, we'd
try to turn the new frames into VNC updates without a client being
available, causing use after free.
Fix this by dropping frames that happens during this time frame.
Closes: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/43
---
src/grd-session-vnc.c | 7 +++++++
src/grd-session-vnc.h | 2 ++
src/grd-vnc-pipewire-stream.c | 8 ++++++++
3 files changed, 17 insertions(+)
diff --git a/src/grd-session-vnc.c b/src/grd-session-vnc.c
index 813838a..a06d34d 100644
--- a/src/grd-session-vnc.c
+++ b/src/grd-session-vnc.c
@@ -209,6 +209,12 @@ maybe_queue_close_session_idle (GrdSessionVnc *session_vnc)
g_idle_add (close_session_idle, session_vnc);
}
+gboolean
+grd_session_vnc_is_client_gone (GrdSessionVnc *session_vnc)
+{
+ return !session_vnc->rfb_client;
+}
+
static void
handle_client_gone (rfbClientPtr rfb_client)
{
@@ -218,6 +224,7 @@ handle_client_gone (rfbClientPtr rfb_client)
grd_session_vnc_detach_source (session_vnc);
maybe_queue_close_session_idle (session_vnc);
+ session_vnc->rfb_client = NULL;
}
static void
diff --git a/src/grd-session-vnc.h b/src/grd-session-vnc.h
index 579a12a..07678c8 100644
--- a/src/grd-session-vnc.h
+++ b/src/grd-session-vnc.h
@@ -57,4 +57,6 @@ void grd_session_vnc_move_cursor (GrdSessionVnc *session_vnc,
int grd_session_vnc_get_framebuffer_stride (GrdSessionVnc *session_vnc);
+gboolean grd_session_vnc_is_client_gone (GrdSessionVnc *session_vnc);
+
#endif /* GRD_SESSION_VNC_H */
diff --git a/src/grd-vnc-pipewire-stream.c b/src/grd-vnc-pipewire-stream.c
index 78793c4..96dd7c9 100644
--- a/src/grd-vnc-pipewire-stream.c
+++ b/src/grd-vnc-pipewire-stream.c
@@ -234,6 +234,14 @@ do_render (struct spa_loop *loop,
if (!frame)
return 0;
+ if (grd_session_vnc_is_client_gone (stream->session))
+ {
+ g_free (frame->data);
+ g_clear_pointer (&frame->rfb_cursor, rfbFreeCursor);
+ g_free (frame);
+ return 0;
+ }
+
if (frame->rfb_cursor)
grd_session_vnc_set_cursor (stream->session, frame->rfb_cursor);
--
2.26.2

10
gnome-remote-desktop.spec
View File

@ -1,13 +1,14 @@
Name: gnome-remote-desktop
Version: 0.1.9
Release: 1
Release: 2
Summary: Screen share service of GNOME Remote Desktop
License: GPLv2+
URL: https://gitlab.gnome.org/jadahl/gnome-remote-desktop
Source0: https://download.gnome.org/sources/gnome-remote-desktop/0.1/%{name}-%{version}.tar.xz
Patch00001: 0001-vnc-Add-anonymous-TLS-encryption-support.patch
Patch00001: 0001-vnc-Drop-frames-if-client-is-gone.patch
Patch00002: 0001-vnc-Add-anonymous-TLS-encryption-support.patch
Patch00003: 0001-vnc-Copy-pixels-using-the-right-destination-stride.patch
BuildRequires: meson >= 0.47.0 pkgconfig pkgconfig(glib-2.0) >= 2.32 pkgconfig(gio-unix-2.0) >= 2.32
BuildRequires: pkgconfig(libpipewire-0.3) >= 0.3.0 pkgconfig(libvncserver) >= 0.9.11-7 pkgconfig(libsecret-1)
BuildRequires: pkgconfig(libnotify) pkgconfig(gnutls) systemd pkgconfig(freerdp2)
@ -45,6 +46,9 @@ GNOME Remote Desktop is a remote desktop daemon for GNOME using pipewire.
%{_userunitdir}/gnome-remote-desktop.service
%changelog
* Mon Sep 27 2021 Wenlong Ding <wenlong.ding@turbolinux.com.cn> - 0.1.9-2
- Add 2 patch to fix core-dump when start gnome-remote-desktop.service
* Wed Jun 30 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 0.1.9-1
- Upgrade to 0.1.9
- Delete patches whose content existed or target patch file not existed in this version 0.1.9