diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..82808ae --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,21 @@ +image: docker +services: + - docker:dind + +stages: + - build + +build: + stage: build + script: + - ls -l + - pwd + - apk add bash + - bash builder/build-tarball + - bash builder/build-deb + - mkdir output + - cp builder/build/kasmvncserver_*.deb output/ + - cp builder/build/kasmvnc.*.tar.gz output/ + artifacts: + paths: + - output/ diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx index f5476e8..ab05eeb 100644 --- a/common/network/TcpSocket.cxx +++ b/common/network/TcpSocket.cxx @@ -423,7 +423,7 @@ extern settings_t settings; WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen, - bool sslonly, const char *cert, + bool sslonly, const char *cert, const char *certkey, const char *basicauth, const char *httpdir) { @@ -496,7 +496,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, settings.basicauth = basicauth; settings.cert = cert; - settings.key = ""; + settings.key = certkey; settings.ssl_only = sslonly; settings.verbose = vlog.getLevel() >= vlog.LEVEL_DEBUG; settings.httpdir = NULL; @@ -673,7 +673,7 @@ void network::createTcpListeners(std::list *listeners, void network::createWebsocketListeners(std::list *listeners, const struct addrinfo *ai, - bool sslonly, const char *cert, + bool sslonly, const char *cert, const char *certkey, const char *basicauth, const char *httpdir) { @@ -701,7 +701,7 @@ void network::createWebsocketListeners(std::list *listeners, try { new_listeners.push_back(new WebsocketListener(current->ai_addr, current->ai_addrlen, - sslonly, cert, basicauth, + sslonly, cert, certkey, basicauth, httpdir)); } catch (SocketException& e) { // Ignore this if it is due to lack of address family support on @@ -729,6 +729,7 @@ void network::createWebsocketListeners(std::list *listeners, const char *addr, bool sslonly, const char *cert, + const char *certkey, const char *basicauth, const char *httpdir) { @@ -757,7 +758,7 @@ void network::createWebsocketListeners(std::list *listeners, ai[1].ai_addrlen = sizeof(sa[1].u.sin6); ai[1].ai_next = NULL; - createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir); + createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir); } else { struct addrinfo *ai, hints; char service[16]; @@ -780,7 +781,7 @@ void network::createWebsocketListeners(std::list *listeners, gai_strerror(result)); try { - createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir); + createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir); } catch(...) { freeaddrinfo(ai); throw; diff --git a/common/network/TcpSocket.h b/common/network/TcpSocket.h index 2f743e8..57a8629 100644 --- a/common/network/TcpSocket.h +++ b/common/network/TcpSocket.h @@ -90,7 +90,8 @@ namespace network { class WebsocketListener : public SocketListener { public: WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen, - bool sslonly, const char *cert, const char *basicauth, + bool sslonly, const char *cert, const char *certkey, + const char *basicauth, const char *httpdir); virtual int getMyPort(); @@ -110,6 +111,7 @@ namespace network { const char *addr, bool sslonly, const char *cert, + const char *certkey, const char *basicauth, const char *httpdir); void createTcpListeners(std::list *listeners, @@ -121,6 +123,7 @@ namespace network { const struct addrinfo *ai, bool sslonly, const char *cert, + const char *certkey, const char *basicauth, const char *httpdir); diff --git a/common/rfb/EncodeManager.cxx b/common/rfb/EncodeManager.cxx index a32e08c..f5f088c 100644 --- a/common/rfb/EncodeManager.cxx +++ b/common/rfb/EncodeManager.cxx @@ -1181,38 +1181,13 @@ uint8_t EncodeManager::getEncoderType(const Rect& rect, const PixelBuffer *pb, const PixelBuffer *scaledpb, const Rect& scaledrect) const { struct RectInfo info; - unsigned int divisor, maxColours; + unsigned int maxColours = 256; PixelBuffer *ppb; Encoder *encoder; bool useRLE; EncoderType type; - // FIXME: This is roughly the algorithm previously used by the Tight - // encoder. It seems a bit backwards though, that higher - // compression setting means spending less effort in building - // a palette. It might be that they figured the increase in - // zlib setting compensated for the loss. - if (conn->cp.compressLevel == -1) - divisor = 2 * 8; - else - divisor = conn->cp.compressLevel * 8; - if (divisor < 4) - divisor = 4; - - maxColours = rect.area()/divisor; - - // Special exception inherited from the Tight encoder - if (activeEncoders[encoderFullColour] == encoderTightJPEG) { - if ((conn->cp.compressLevel != -1) && (conn->cp.compressLevel < 2)) - maxColours = 24; - else - maxColours = 96; - } - - if (maxColours < 2) - maxColours = 2; - encoder = encoders[activeEncoders[encoderIndexedRLE]]; if (maxColours > encoder->maxPaletteSize) maxColours = encoder->maxPaletteSize; diff --git a/kasmweb/app/ui.js b/kasmweb/app/ui.js index 42e1f28..952f109 100644 --- a/kasmweb/app/ui.js +++ b/kasmweb/app/ui.js @@ -13,7 +13,11 @@ window.addEventListener("load", function() { document.head.appendChild(loader); }); window.addEventListener("load", function() { - document.getElementById("noVNC_connect_button").click(); + var connect_btn_el = document.getElementById("noVNC_connect_button"); + if (typeof(connect_btn_el) != 'undefined' && connect_btn_el != null) + { + connect_btn_el.click(); + } }); import * as Log from '../core/util/logging.js'; diff --git a/kasmweb/core/rfb.js b/kasmweb/core/rfb.js index 74c13ae..407d451 100644 --- a/kasmweb/core/rfb.js +++ b/kasmweb/core/rfb.js @@ -1076,9 +1076,7 @@ export default class RFB extends EventTargetMixin { return false; } */ - if (!this._rfb_credentials.password) { - this._rfb_credentials.password = ""; - } + this._rfb_credentials.password = ""; // TODO(directxman12): make genDES not require an Array const challenge = Array.prototype.slice.call(this._sock.rQshiftBytes(16)); diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man index f2af360..f8ace17 100644 --- a/unix/xserver/hw/vnc/Xvnc.man +++ b/unix/xserver/hw/vnc/Xvnc.man @@ -315,6 +315,12 @@ Listen for websocket connections on this port, default 6800. SSL pem cert to use for websocket connections, default empty/not used. . .TP +.B \-key \fIpath\fP +SSL pem key to use for websocket connections, default empty/not used. +Only use this if you have the cert and key in separate files. If they +are in the same file, use \fB-cert\fP. +. +.TP .B \-sslOnly Require SSL for websocket connections. Default off, non-SSL allowed. . diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc index 7e1accd..057ceb5 100644 --- a/unix/xserver/hw/vnc/vncExtInit.cc +++ b/unix/xserver/hw/vnc/vncExtInit.cc @@ -87,6 +87,7 @@ rfb::BoolParameter noWebsocket("noWebsocket", false); rfb::IntParameter websocketPort("websocketPort", "websocket port to listen for", 6800); rfb::StringParameter cert("cert", "SSL pem cert to use for websocket connections", ""); +rfb::StringParameter certkey("key", "SSL pem key to use for websocket connections (if separate)", ""); rfb::BoolParameter sslonly("sslOnly", "Require SSL for websockets", false); rfb::StringParameter basicauth("BasicAuth", "user:pass for HTTP basic auth for websockets", ""); rfb::StringParameter interface("interface", @@ -224,7 +225,7 @@ void vncExtensionInit(void) if (!noWebsocket) network::createWebsocketListeners(&listeners, websocketPort, localhostOnly ? "local" : addr, - sslonly, cert, basicauth, httpDir); + sslonly, cert, certkey, basicauth, httpDir); else if (localhostOnly) network::createLocalTcpListeners(&listeners, port); else