From 83c83f43ef76bf0eb1361c811ac66e56c8ee8f0e Mon Sep 17 00:00:00 2001 From: Lauri Kasanen Date: Fri, 15 Jan 2021 13:07:53 +0200 Subject: [PATCH 1/7] Add a parameter for separate SSL key --- common/network/TcpSocket.cxx | 13 +++++++------ common/network/TcpSocket.h | 5 ++++- unix/xserver/hw/vnc/Xvnc.man | 6 ++++++ unix/xserver/hw/vnc/vncExtInit.cc | 3 ++- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/common/network/TcpSocket.cxx b/common/network/TcpSocket.cxx index f5476e8..ab05eeb 100644 --- a/common/network/TcpSocket.cxx +++ b/common/network/TcpSocket.cxx @@ -423,7 +423,7 @@ extern settings_t settings; WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen, - bool sslonly, const char *cert, + bool sslonly, const char *cert, const char *certkey, const char *basicauth, const char *httpdir) { @@ -496,7 +496,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr, settings.basicauth = basicauth; settings.cert = cert; - settings.key = ""; + settings.key = certkey; settings.ssl_only = sslonly; settings.verbose = vlog.getLevel() >= vlog.LEVEL_DEBUG; settings.httpdir = NULL; @@ -673,7 +673,7 @@ void network::createTcpListeners(std::list *listeners, void network::createWebsocketListeners(std::list *listeners, const struct addrinfo *ai, - bool sslonly, const char *cert, + bool sslonly, const char *cert, const char *certkey, const char *basicauth, const char *httpdir) { @@ -701,7 +701,7 @@ void network::createWebsocketListeners(std::list *listeners, try { new_listeners.push_back(new WebsocketListener(current->ai_addr, current->ai_addrlen, - sslonly, cert, basicauth, + sslonly, cert, certkey, basicauth, httpdir)); } catch (SocketException& e) { // Ignore this if it is due to lack of address family support on 
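Review bot: `settings.key = certkey;` in the constructor hunk at -496 stores the caller's pointer as-is, where the old code always stored a non-null empty string. If a caller passes a null pointer, or the backing string is freed or reassigned while the listener is alive, the websocket code would read an invalid key path; whether that code copies the string is not visible here. Consider `settings.key = certkey ? certkey : "";` and a comment above it such as `// Path to the PEM private key; "" means the key is inside the cert file. Borrowed pointer, must outlive the listener.` The constructor body starts and ends outside the hunk.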
@@ -729,6 +729,7 @@ void network::createWebsocketListeners(std::list *listeners, const char *addr, bool sslonly, const char *cert, + const char *certkey, const char *basicauth, const char *httpdir) { @@ -757,7 +758,7 @@ void network::createWebsocketListeners(std::list *listeners, ai[1].ai_addrlen = sizeof(sa[1].u.sin6); ai[1].ai_next = NULL; - createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir); + createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir); } else { struct addrinfo *ai, hints; char service[16]; @@ -780,7 +781,7 @@ void network::createWebsocketListeners(std::list *listeners, gai_strerror(result)); try { - createWebsocketListeners(listeners, ai, sslonly, cert, basicauth, httpdir); + createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir); } catch(...) { freeaddrinfo(ai); throw; diff --git a/common/network/TcpSocket.h b/common/network/TcpSocket.h index 2f743e8..57a8629 100644 --- a/common/network/TcpSocket.h +++ b/common/network/TcpSocket.h @@ -90,7 +90,8 @@ namespace network { class WebsocketListener : public SocketListener { public: WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen, - bool sslonly, const char *cert, const char *basicauth, + bool sslonly, const char *cert, const char *certkey, + const char *basicauth, const char *httpdir); virtual int getMyPort(); @@ -110,6 +111,7 @@ namespace network { const char *addr, bool sslonly, const char *cert, + const char *certkey, const char *basicauth, const char *httpdir); void createTcpListeners(std::list *listeners, @@ -121,6 +123,7 @@ namespace network { const struct addrinfo *ai, bool sslonly, const char *cert, + const char *certkey, const char *basicauth, const char *httpdir); diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man index f2af360..f8ace17 100644 --- a/unix/xserver/hw/vnc/Xvnc.man +++ b/unix/xserver/hw/vnc/Xvnc.man 
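Review bot: The new `certkey` argument in TcpSocket.h sits between `cert` and `basicauth` in a run of four `const char *` parameters, and the header does not say what each one means. A caller that swaps the certificate and key paths, or passes the basic-auth string in the wrong slot, still compiles. A doc comment on the WebsocketListener constructor (hunk at -90) and on both createWebsocketListeners overloads (hunks at -110 and -121) would help, for example `// cert: PEM certificate path; certkey: PEM private key path, "" when the key is inside cert`. The class and namespace continue outside these hunks.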
@@ -315,6 +315,12 @@ Listen for websocket connections on this port, default 6800. SSL pem cert to use for websocket connections, default empty/not used. . .TP +.B \-key \fIpath\fP +SSL pem key to use for websocket connections, default empty/not used. +Only use this if you have the cert and key in separate files. If they +are in the same file, use \fB-cert\fP. +. +.TP .B \-sslOnly Require SSL for websocket connections. Default off, non-SSL allowed. . diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc index 7e1accd..057ceb5 100644 --- a/unix/xserver/hw/vnc/vncExtInit.cc +++ b/unix/xserver/hw/vnc/vncExtInit.cc @@ -87,6 +87,7 @@ rfb::BoolParameter noWebsocket("noWebsocket", false); rfb::IntParameter websocketPort("websocketPort", "websocket port to listen for", 6800); rfb::StringParameter cert("cert", "SSL pem cert to use for websocket connections", ""); +rfb::StringParameter certkey("key", "SSL pem key to use for websocket connections (if separate)", ""); rfb::BoolParameter sslonly("sslOnly", "Require SSL for websockets", false); rfb::StringParameter basicauth("BasicAuth", "user:pass for HTTP basic auth for websockets", ""); rfb::StringParameter interface("interface", @@ -224,7 +225,7 @@ void vncExtensionInit(void) if (!noWebsocket) network::createWebsocketListeners(&listeners, websocketPort, localhostOnly ? "local" : addr, - sslonly, cert, basicauth, httpDir); + sslonly, cert, certkey, basicauth, httpDir); else if (localhostOnly) network::createLocalTcpListeners(&listeners, port); else From a4e70ff56bfa3421df9a6d508f2bfa7a96996ea8 Mon Sep 17 00:00:00 2001 From: Lauri Kasanen Date: Wed, 13 Jan 2021 11:55:21 +0200 Subject: [PATCH 2/7] Remove less-than-256-colors indexed limit for small rects --- common/rfb/EncodeManager.cxx | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/common/rfb/EncodeManager.cxx b/common/rfb/EncodeManager.cxx index a32e08c..f5f088c 100644 
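Review bot: The `key` parameter added in vncExtInit.cc at -87 is passed straight to createWebsocketListeners in the -224 hunk with no check against `cert`. As far as these hunks show, a server started with `-key` but no `-cert` gets no diagnostic at this level; any failure would surface later in the websocket code, if at all. A startup warning when `certkey` is non-empty and `cert` is empty would make that misconfiguration visible. The parameter description could also say that the key file should be readable only by the account running the server. vncExtensionInit continues outside the hunk.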
--- a/common/rfb/EncodeManager.cxx +++ b/common/rfb/EncodeManager.cxx @@ -1181,38 +1181,13 @@ uint8_t EncodeManager::getEncoderType(const Rect& rect, const PixelBuffer *pb, const PixelBuffer *scaledpb, const Rect& scaledrect) const { struct RectInfo info; - unsigned int divisor, maxColours; + unsigned int maxColours = 256; PixelBuffer *ppb; Encoder *encoder; bool useRLE; EncoderType type; - // FIXME: This is roughly the algorithm previously used by the Tight - // encoder. It seems a bit backwards though, that higher - // compression setting means spending less effort in building - // a palette. It might be that they figured the increase in - // zlib setting compensated for the loss. - if (conn->cp.compressLevel == -1) - divisor = 2 * 8; - else - divisor = conn->cp.compressLevel * 8; - if (divisor < 4) - divisor = 4; - - maxColours = rect.area()/divisor; - - // Special exception inherited from the Tight encoder - if (activeEncoders[encoderFullColour] == encoderTightJPEG) { - if ((conn->cp.compressLevel != -1) && (conn->cp.compressLevel < 2)) - maxColours = 24; - else - maxColours = 96; - } - - if (maxColours < 2) - maxColours = 2; - encoder = encoders[activeEncoders[encoderIndexedRLE]]; if (maxColours > encoder->maxPaletteSize) maxColours = encoder->maxPaletteSize; From 2813e7fe09ce670d1bd96bc5c55accd1503bcc44 Mon Sep 17 00:00:00 2001 From: matt Date: Mon, 18 Jan 2021 18:58:31 +0000 Subject: [PATCH 3/7] Fixes to webcode for Kasm CDI --- kasmweb/app/ui.js | 6 +++++- kasmweb/core/rfb.js | 4 +--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/kasmweb/app/ui.js b/kasmweb/app/ui.js index 42e1f28..952f109 100644 --- a/kasmweb/app/ui.js +++ b/kasmweb/app/ui.js 
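Review bot: `unsigned int maxColours = 256;` replaces the whole compress-level heuristic with a bare literal, and the removed FIXME was the only explanation of how the palette limit was chosen. A one-line comment such as `// Always allow a full 256-entry palette; encoder->maxPaletteSize below still caps it`, or a named constant, would keep the intent readable. If `rect` was used only for `rect.area()` it is now unused in this function, which cannot be confirmed here because getEncoderType continues past the hunk.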
@@ -13,7 +13,11 @@ window.addEventListener("load", function() { document.head.appendChild(loader); }); window.addEventListener("load", function() { - document.getElementById("noVNC_connect_button").click(); + var connect_btn_el = document.getElementById("noVNC_connect_button"); + if (typeof(connect_btn_el) != 'undefined' && connect_btn_el != null) + { + connect_btn_el.click(); + } }); import * as Log from '../core/util/logging.js'; diff --git a/kasmweb/core/rfb.js b/kasmweb/core/rfb.js index 74c13ae..407d451 100644 --- a/kasmweb/core/rfb.js +++ b/kasmweb/core/rfb.js @@ -1076,9 +1076,7 @@ export default class RFB extends EventTargetMixin { return false; } */ - if (!this._rfb_credentials.password) { - this._rfb_credentials.password = ""; - } + this._rfb_credentials.password = ""; // TODO(directxman12): make genDES not require an Array const challenge = Array.prototype.slice.call(this._sock.rQshiftBytes(16)); From 48bc79162a72bd7cb05603e4ad8318ab6c68203c Mon Sep 17 00:00:00 2001 From: Kasm <44181855+kasmtech@users.noreply.github.com> Date: Mon, 18 Jan 2021 13:12:23 -0600 Subject: [PATCH 4/7] Added gitlab pipeline --- .gitlab-ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..99f1289 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,19 @@ +image: docker +services: + - docker:dind + +stages: + - build + +build: + image: ubuntu:xenial + stage: build + script: + - builder/build-tarball + - builder/build-deb + - mkdir output + - cp builder/build/kasmvncserver_*.deb output/ + - cp builder/build/kasmvnc.*.tar.gz output/ + artifacts: + paths: + - output/ From 7e5c8c9ad3740df401e2ea90d45a0e5f447ef221 Mon Sep 17 00:00:00 2001 From: Kasm <44181855+kasmtech@users.noreply.github.com> Date: Mon, 18 Jan 2021 13:17:10 -0600 Subject: [PATCH 5/7] Update .gitlab-ci.yml --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) 
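Review bot: The guard `typeof(connect_btn_el) != 'undefined' && connect_btn_el != null` in ui.js tests more than it needs to, because getElementById returns either an element or null and the typeof test can never fail. `if (connect_btn_el) { connect_btn_el.click(); }` says the same thing. A short comment on which pages lack the connect button would also help, since the commit message only mentions Kasm CDI.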
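Review bot: `this._rfb_credentials.password = "";` in rfb.js now overwrites whatever password the caller supplied, so the client always answers the VNC authentication challenge with an empty password. Together with the commented-out credentials check just above it, this leaves VNC-level password authentication without effect on the client side; access control presumably rests on something else, such as the websocket's HTTP basic auth and TLS, and that should be confirmed and stated. If the override is intended, add a comment like `// VNC password deliberately unused; authentication is handled by <mechanism>`; otherwise keep the removed `if (!this._rfb_credentials.password)` guard. The enclosing method starts and ends outside the hunk.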
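Review bot: The new .gitlab-ci.yml pulls `image: docker`, `docker:dind` and `ubuntu:xenial` by floating tag, so the environment that builds the published .deb and tarball can change without any change in this repository. Pinning each image to a fixed version tag or digest, e.g. `image: docker:<version>@sha256:<digest>`, makes the build reproducible and narrows the supply-chain exposure. The `docker:dind` service generally needs a privileged runner; if the builder scripts do not need a Docker daemon, it could be dropped.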
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 99f1289..5d91103 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,6 +9,8 @@ build:
 image: ubuntu:xenial
 stage: build
 script:
+ - ls -l
+ - pwd
 - builder/build-tarball
 - builder/build-deb
 - mkdir output
From ec5a73c8ec2eebeaf118505db7e5a9999c815929 Mon Sep 17 00:00:00 2001
From: Kasm <44181855+kasmtech@users.noreply.github.com>
Date: Mon, 18 Jan 2021 13:26:37 -0600
Subject: [PATCH 6/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5d91103..82a88fe 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,11 +6,8 @@ stages:
 - build

 build:
- image: ubuntu:xenial
 stage: build
 script:
- - ls -l
- - pwd
 - builder/build-tarball
 - builder/build-deb
 - mkdir output
From c1691b6895d81b850fce986e206cf09bc0598457 Mon Sep 17 00:00:00 2001
From: Kasm <44181855+kasmtech@users.noreply.github.com>
Date: Mon, 18 Jan 2021 13:30:05 -0600
Subject: [PATCH 7/7] Update .gitlab-ci.yml
---
 .gitlab-ci.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 82a88fe..82808ae 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,8 +8,11 @@ stages:
 build:
 stage: build
 script:
- - builder/build-tarball
- - builder/build-deb
+ - ls -l
+ - pwd
+ - apk add bash
+ - bash builder/build-tarball
+ - bash builder/build-deb
 - mkdir output
 - cp builder/build/kasmvncserver_*.deb output/
 - cp builder/build/kasmvnc.*.tar.gz output/
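Review bot: `apk add bash` in the 7/7 hunk installs an unpinned package from the network on every run, inside the job that produces the release artifacts. `apk add --no-cache bash` with a pinned version, or a prebuilt and pinned builder image, would keep the build inputs fixed. The `ls -l` and `pwd` lines, first added in 5/7 and re-added here, look like debugging leftovers and could be dropped before merge.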