vncserver: fix case of -websocketPort not specified

Newer Python is available in Ubuntu Focal.

.ci/upload.sh

@@ -6,27 +6,6 @@ is_kasmvnc() {
   echo "$package" | grep -q 'kasmvncserver_'
 }
 
-detect_deb_package_arch() {
-  local deb_package="$1"
-  echo "$deb_package" | sed -e 's/.\+_\([^.]\+\)\.\(d\?\)deb/\1/'
-}
-
-find_deb_package() {
-  local dbgsym_package="$1"
-
-  echo "$dbgsym_package" | sed -e 's/-dbgsym//; s/ddeb/deb/'
-}
-
-fetch_xvnc_md5sum() {
-  local deb_package="$1"
-  deb_package=$(realpath "$deb_package")
-
-  local tmpdir=$(mktemp -d)
-  cd "$tmpdir"
-  dpkg-deb -e "$deb_package"
-  cat DEBIAN/md5sums | grep bin/Xkasmvnc | cut -d' ' -f 1
-}
-
 function prepare_upload_filename() {
   local package="$1";
 
@@ -55,18 +34,19 @@ function prepare_upload_filename() {
 function upload_to_s3() {
   local package="$1";
   local upload_filename="$2";
-  local s3_bucket="$3";
 
   # Transfer to S3
-  python3 amazon-s3-bitbucket-pipelines-python/s3_upload.py "${s3_bucket}" "$package" "${upload_filename}";
+  python3 amazon-s3-bitbucket-pipelines-python/s3_upload.py "${S3_BUCKET}" "$package" "${S3_BUILD_DIRECTORY}/${upload_filename}";
   # Use the Gitlab API to tell Gitlab where the artifact was stored
-  export S3_URL="https://${s3_bucket}.s3.amazonaws.com/${upload_filename}";
+  export S3_URL="https://${S3_BUCKET}.s3.amazonaws.com/${S3_BUILD_DIRECTORY}/${upload_filename}";
+  export BUILD_STATUS="{\"key\":\"doc\", \"state\":\"SUCCESSFUL\", \"name\":\"${upload_filename}\", \"url\":\"${S3_URL}\"}";
+  curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=success&name=build-url&target_url=${S3_URL}";
 };
 
 function prepare_to_run_scripts_and_s3_uploads() {
   export DEBIAN_FRONTEND=noninteractive;
   apt-get update;
-  apt-get install -y ruby2.7 git wget;
+  apt-get install -y ruby2.7 git;
   apt-get install -y python3 python3-pip python3-boto3 curl pkg-config libxmlsec1-dev;
   git clone https://bitbucket.org/awslabs/amazon-s3-bitbucket-pipelines-python.git;
 };

.gitignore

@@ -21,4 +21,3 @@ debian/files
 debian/kasmvncserver.substvars
 debian/kasmvncserver/
 .pc
-.vscode/

.gitlab-ci.yml

@@ -3,370 +3,105 @@ services:
   - docker:dind
 
 variables:
-  KASMVNC_COMMIT_ID: $CI_COMMIT_SHA
   GITLAB_SHARED_DIND_DIR: /builds/$CI_PROJECT_PATH/shared
   GIT_SUBMODULE_STRATEGY: normal
   GIT_FETCH_EXTRA_FLAGS: --tags
-  # E.g. BUILD_JOBS: build_debian_buster,build_ubuntu_bionic. This will include
-  # arm builds, because build_debian_buster_arm matches build_debian_buster.
-  # "BUILD_JOBS: none" won't build any build jobs, nor www.
-  BUILD_JOBS: all
 
 stages:
-  - www
   - build
   - upload
 
 .prepare_build: &prepare_build
+  - ls -l
   - pwd
   - apk add bash
   - mkdir -p "$GITLAB_SHARED_DIND_DIR" && chmod 777 "$GITLAB_SHARED_DIND_DIR"
 
-.prepare_www: &prepare_www
-  - tar -zxf output/www/kasm_www.tar.gz -C builder/
-
 .prepare_artfacts: &prepare_artfacts
+  - mkdir output
   - cp -r builder/build/* output/
   - rm output/*.tar.gz
 
-build_www:
-  stage: www
-  allow_failure: false
-  before_script:
-    - *prepare_build
-  script:
-    - webpacked_www=$PWD/builder/www
-    - src_www=kasmweb
-    - docker build -t kasmweb/www -f builder/dockerfile.www.build .
-    - docker run --rm -v $PWD/builder/www:/build kasmweb/www:latest
-    - mkdir -p output/www
-    - cd builder
-    - tar -zcvf ../output/www/kasm_www.tar.gz www
-  only:
-    variables:
-      - $BUILD_JOBS !~ /^none$/
-  artifacts:
-    paths:
-      - output/
-
 build_ubuntu_bionic:
   stage: build
-  allow_failure: true
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package ubuntu bionic
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_ubuntu_bionic_arm:
-  stage: build
-  allow_failure: false
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package ubuntu bionic
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
 
 build_ubuntu_bionic_libjpeg_turbo:
   stage: build
-  allow_failure: false
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package ubuntu bionic +libjpeg-turbo_latest
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
 
 build_ubuntu_focal:
   stage: build
-  allow_failure: true
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package ubuntu focal;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_ubuntu_focal_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package ubuntu focal;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_ubuntu_jammy:
-  stage: build
-  allow_failure: true
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package ubuntu jammy;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_ubuntu_jammy_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package ubuntu jammy;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
 
 build_debian_buster:
   stage: build
-  allow_failure: true
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package debian buster;
-  only:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_debian_buster_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package debian buster;
-  only:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
 
 build_debian_bullseye:
   stage: build
-  allow_failure: true
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package debian bullseye;
-  only:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_debian_bullseye_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package debian bullseye;
-  only:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
 
 build_kali_rolling:
   stage: build
-  allow_failure: true
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package kali kali-rolling;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_kali_rolling_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package kali kali-rolling;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
 
 build_centos7:
   stage: build
-  allow_failure: true
   before_script:
     - *prepare_build
-    - *prepare_www
   after_script:
     - *prepare_artfacts
   script:
     - bash builder/build-package centos core
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_oracle_8:
-  stage: build
-  allow_failure: true
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package oracle 8;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_oracle_8_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package oracle 8;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_opensuse_15:
-  stage: build
-  allow_failure: true
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package opensuse 15;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_opensuse_15_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package opensuse 15;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
   artifacts:
     paths:
       - output/
@@ -377,25 +112,12 @@ upload:
   before_script:
     - . .ci/upload.sh
   script:
-    - prepare_to_run_scripts_and_s3_uploads
-    - S3_CRASHPAD_BUILD_DIRECTORY="kasmvnc/crashpad/${CI_COMMIT_SHA}"
-    - for dbgsym_package in `find output/ -type f -name '*dbgsym*deb'`; do
-        deb_package=$(find_deb_package "$dbgsym_package");
-        xvnc_md5sum=$(fetch_xvnc_md5sum "$deb_package");
-        upload_filename="${S3_CRASHPAD_BUILD_DIRECTORY}/${xvnc_md5sum}/kasmvncserver-dbgsym.deb";
-        echo;
-        echo "File to upload $upload_filename";
-        upload_to_s3 "$dbgsym_package" "$upload_filename" "$S3_BUCKET";
-        rm "$dbgsym_package";
-      done
     - export S3_BUILD_DIRECTORY="kasmvnc/${CI_COMMIT_SHA}"
+    - prepare_to_run_scripts_and_s3_uploads
     - export RELEASE_VERSION=$(.ci/next_release_version "$CI_COMMIT_REF_NAME")
     - for package in `find output/ -type f -name '*.deb' -or -name '*.rpm'`; do
         prepare_upload_filename "$package";
-        upload_filename="${S3_BUILD_DIRECTORY}/$upload_filename";
         echo;
         echo "File to upload $upload_filename";
-        upload_to_s3 "$package" "$upload_filename" "$S3_BUCKET";
-        UPLOAD_NAME=$(basename $upload_filename | sed 's#kasmvncserver_##' | sed -r 's#_([0-9]{1,3}\.){2}[0-9]{1,2}_\S+?([a-f0-9]{6})##' | sed -r 's#\.(deb|rpm)##');
-        curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=success&name=${UPLOAD_NAME}&target_url=${S3_URL}";
+        upload_to_s3 "$package" "$upload_filename";
       done

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "kasmweb"]
 	path = kasmweb
 	url = https://github.com/kasmtech/noVNC.git
-	branch = innovation/session_recording
+	branch = master

CMakeLists.txt

@@ -16,7 +16,6 @@ include(CheckLibraryExists)
 include(CheckTypeSize)
 include(CheckCSourceCompiles)
 include(CheckCXXSourceCompiles)
-include(CheckCXXCompilerFlag)
 include(CheckCSourceRuns)
 
 include(CMakeMacroLibtoolFile)
@@ -209,9 +208,6 @@ if(ENABLE_PAM)
 endif()
 set(HAVE_PAM ${ENABLE_PAM})
 
-# Check for SSE2
-check_cxx_compiler_flag(-msse2 COMPILER_SUPPORTS_SSE2)
-
 # Generate config.h and make sure the source finds it
 configure_file(config.h.in config.h)
 add_definitions(-DHAVE_CONFIG_H)

DEBUGGING.md

@@ -1,108 +0,0 @@
-# Debugging
-In the case where KasmVNC crashes and a backtrace is produced. Developers need a way to make the backtrace useful for debugging. This document covers where the backtrace is logged and how to use a debug symbol package and gdb to gain more information from the backtrace, such as filename, function name, and line number.
-
-## Test Symbolization
-If you want to induce a crash to test that you can symbolize a backtrace you can start KasmVNC and then issue the following command.
-
-    killall -SEGV Xvnc
-
-This will cause KasmVNC to terminate with a backtrace similar to the following. You will find the backtrace in the log file at $HOME/.vnc/$HOSTNAME:$DISPLAY.log where HOME is your user's profile path, HOSTNAME is the hostname of the system, and DISPLAY is the assigned display number for the session.
-
-    (EE) 
-    (EE) Backtrace:
-    (EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x4d) [0x5e48dd]
-    (EE) 1: /usr/bin/Xvnc (0x400000+0x1e8259) [0x5e8259]
-    (EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f5a57ef6000+0x12980) [0x7f5a57f08980]
-    (EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (epoll_wait+0x57) [0x7f5a552eca47]
-    (EE) 4: /usr/bin/Xvnc (ospoll_wait+0x37) [0x5e8d07]
-    (EE) 5: /usr/bin/Xvnc (WaitForSomething+0x1c3) [0x5e2813]
-    (EE) 6: /usr/bin/Xvnc (Dispatch+0xa7) [0x597007]
-    (EE) 7: /usr/bin/Xvnc (dix_main+0x36e) [0x59b1fe]
-    (EE) 8: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xe7) [0x7f5a551ecbf7]
-    (EE) 9: /usr/bin/Xvnc (_start+0x2a) [0x46048a]
-    (EE) 
-    (EE) Received signal 11 sent by process 17182, uid 0
-    (EE) 
-    Fatal server error:
-    (EE) Caught signal 11 (Segmentation fault). Server aborting
-    (EE) 
-
-## Debug Symbol Package
-In order to make use of this backtrace, you will need to symbolize the backtrace. Each build of KasmVNC produced by our pipelines comes with a corresponding debug symbol package that can be downloaded. You need two pieces of information to get the package, the git commit ID of KasmVNC and the MD5 sum of Xkasmvnc binary on your system. 
-
-The git commit ID can be found using Xvnc -version:
-
-    ubuntu@matt-dev-vm-1:~$ Xvnc -version
-    Xvnc KasmVNC 0.9.94002f39917dca0ad82ac0c29a75c723b538b32b - built Feb 17 2022 15:21:01
-    Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
-    See http://kasmweb.com for information on KasmVNC.
-    Underlying X server release 12010000, The X.Org Foundation
-
-The MD5 sum can be obtained using the md5sum command:
-
-    md5sum /usr/bin/Xkasmvnc
-    57ee7028239c5a737c0aeee4a34138c3  /usr/bin/Xkasmvnc
-    
-With these two pieces of information, you can get the debug symbol package at https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/[COMMITID]/[MD5SUM]/kasmvncserver-dbgsym.deb, in the above example it would be.
-
-[https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb](https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb "https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb")
-
-Use wget or curl to download the debug symbol package and then install it.
-
-    wget  https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb
-    sudo dpkg -i kasmvncserver-dbgsym.deb
-
-## Symbolize a Backtrace
-With the KasmVNC binary and debug symbol package installed on the system, you can use gdb or addr2line to get more information, such as the filename, function name, and line number that the backtrace line is referring to. 
-
-Here is a single line from a backtrace. The following example shows how to retrieve additional information that can help with debugging the crash.
-(EE) 8: /usr/bin/Xvnc (0x400000+0x13e674) [**0x53e674**]
-
-    echo info line ***0x53eaaa** | gdb -q /usr/bin/Xkasmvnc
-    (gdb) Line 223 of "/src/common/network/webudp/Wu.cpp" starts at address 0x53e674 <WuClientSendPendingDTLS(WuClient*, Wu const*, Wu const*)+68>
-
-The following script will search the provide file for a backtrace and symbolize the entire backtrace.
-
-    #!/bin/bash
-      
-    FILENAME=$1
-    grep "(EE)" $FILENAME | while read -r line ; do
-            BACKTRACE=$(echo $line | grep -Po '\[[0-9a-f]x[a-f0-9]{1,}' | sed -r 's#\[##')
-            echo $line
-            if ! [ -z $BACKTRACE ] ; then
-                    SYMBOLIZED=$(echo "info line *${BACKTRACE}" | gdb /usr/bin/Xkasmvnc | grep "(gdb)" | grep -vP "\(gdb\)\s*quit$")
-                    echo "    ${SYMBOLIZED}"
-            fi
-    done
-
-Using this script on the above example backtrace produces the following output.
-
-    ubuntu@hostname-1:~$ bash symbolize.sh ~/.vnc/hostname-1\:10.log
-    (EE)
-    (EE) Backtrace:
-    (EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x4d) [0x5e48dd]
-        (gdb) Line 130 of "backtrace.c" starts at address 0x5e48dd <xorg_backtrace+77> and ends at 0x5e4900 <xorg_backtrace+112>.
-    (EE) 1: /usr/bin/Xvnc (0x400000+0x1e8259) [0x5e8259]
-        (gdb) Line 138 of "osinit.c" starts at address 0x5e8259 <OsSigHandler+41> and ends at 0x5e8275 <OsSigHandler+69>.
-    (EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f5a57ef6000+0x12980) [0x7f5a57f08980]
-        (gdb) No line number information available for address 0x7f5a57f08980
-    (EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (epoll_wait+0x57) [0x7f5a552eca47]
-        (gdb) No line number information available for address 0x7f5a552eca47
-    (EE) 4: /usr/bin/Xvnc (ospoll_wait+0x37) [0x5e8d07]
-        (gdb) Line 643 of "ospoll.c" starts at address 0x5e8d07 <ospoll_wait+55> and ends at 0x5e8d09 <ospoll_wait+57>.
-    (EE) 5: /usr/bin/Xvnc (WaitForSomething+0x1c3) [0x5e2813]
-        (gdb) Line 210 of "WaitFor.c" starts at address 0x5e2813 <WaitForSomething+451> and ends at 0x5e2819 <WaitForSomething+457>.
-    (EE) 6: /usr/bin/Xvnc (Dispatch+0xa7) [0x597007]
-        (gdb) Line 421 of "dispatch.c" starts at address 0x596ffb <Dispatch+155> and ends at 0x59700b <Dispatch+171>.
-    (EE) 7: /usr/bin/Xvnc (dix_main+0x36e) [0x59b1fe]
-        (gdb) Line 278 of "main.c" starts at address 0x59b1fe <dix_main+878> and ends at 0x59b203 <dix_main+883>.
-    (EE) 8: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xe7) [0x7f5a551ecbf7]
-        (gdb) No line number information available for address 0x7f5a551ecbf7
-    (EE) 9: /usr/bin/Xvnc (_start+0x2a) [0x46048a]
-        (gdb) No line number information available for address 0x46048a <_start+42>
-    (EE)
-    (EE) Received signal 11 sent by process 17182, uid 0
-    (EE)
-    (EE) Caught signal 11 (Segmentation fault). Server aborting
-    (EE)
-

Pipfile

@@ -0,0 +1,15 @@
+[[source]]
+url = "https://pypi.python.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+mamba = "*"
+expects = "*"
+"path.py" = "*"
+pexpect = "*"
+
+[dev-packages]
+
+[requires]
+python_version = "3.8"

Pipfile.lock

@@ -0,0 +1,136 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "6745d5e5d90e44a18d73a0e23bc3d3e68acb950af0b87df50b45272d25b9e615"
+        },
+        "pipfile-spec": 6,
+        "requires": {
+            "python_version": "3.8"
+        },
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.python.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "args": {
+            "hashes": [
+                "sha256:a785b8d837625e9b61c39108532d95b85274acd679693b71ebb5156848fcf814"
+            ],
+            "version": "==0.1.0"
+        },
+        "clint": {
+            "hashes": [
+                "sha256:05224c32b1075563d0b16d0015faaf9da43aa214e4a2140e51f08789e7a4c5aa"
+            ],
+            "version": "==0.5.1"
+        },
+        "coverage": {
+            "hashes": [
+                "sha256:004d1880bed2d97151facef49f08e255a20ceb6f9432df75f4eef018fdd5a78c",
+                "sha256:01d84219b5cdbfc8122223b39a954820929497a1cb1422824bb86b07b74594b6",
+                "sha256:040af6c32813fa3eae5305d53f18875bedd079960822ef8ec067a66dd8afcd45",
+                "sha256:06191eb60f8d8a5bc046f3799f8a07a2d7aefb9504b0209aff0b47298333302a",
+                "sha256:13034c4409db851670bc9acd836243aeee299949bd5673e11844befcb0149f03",
+                "sha256:13c4ee887eca0f4c5a247b75398d4114c37882658300e153113dafb1d76de529",
+                "sha256:184a47bbe0aa6400ed2d41d8e9ed868b8205046518c52464fde713ea06e3a74a",
+                "sha256:18ba8bbede96a2c3dde7b868de9dcbd55670690af0988713f0603f037848418a",
+                "sha256:1aa846f56c3d49205c952d8318e76ccc2ae23303351d9270ab220004c580cfe2",
+                "sha256:217658ec7187497e3f3ebd901afdca1af062b42cfe3e0dafea4cced3983739f6",
+                "sha256:24d4a7de75446be83244eabbff746d66b9240ae020ced65d060815fac3423759",
+                "sha256:2910f4d36a6a9b4214bb7038d537f015346f413a975d57ca6b43bf23d6563b53",
+                "sha256:2949cad1c5208b8298d5686d5a85b66aae46d73eec2c3e08c817dd3513e5848a",
+                "sha256:2a3859cb82dcbda1cfd3e6f71c27081d18aa251d20a17d87d26d4cd216fb0af4",
+                "sha256:2cafbbb3af0733db200c9b5f798d18953b1a304d3f86a938367de1567f4b5bff",
+                "sha256:2e0d881ad471768bf6e6c2bf905d183543f10098e3b3640fc029509530091502",
+                "sha256:30c77c1dc9f253283e34c27935fded5015f7d1abe83bc7821680ac444eaf7793",
+                "sha256:3487286bc29a5aa4b93a072e9592f22254291ce96a9fbc5251f566b6b7343cdb",
+                "sha256:372da284cfd642d8e08ef606917846fa2ee350f64994bebfbd3afb0040436905",
+                "sha256:41179b8a845742d1eb60449bdb2992196e211341818565abded11cfa90efb821",
+                "sha256:44d654437b8ddd9eee7d1eaee28b7219bec228520ff809af170488fd2fed3e2b",
+                "sha256:4a7697d8cb0f27399b0e393c0b90f0f1e40c82023ea4d45d22bce7032a5d7b81",
+                "sha256:51cb9476a3987c8967ebab3f0fe144819781fca264f57f89760037a2ea191cb0",
+                "sha256:52596d3d0e8bdf3af43db3e9ba8dcdaac724ba7b5ca3f6358529d56f7a166f8b",
+                "sha256:53194af30d5bad77fcba80e23a1441c71abfb3e01192034f8246e0d8f99528f3",
+                "sha256:5fec2d43a2cc6965edc0bb9e83e1e4b557f76f843a77a2496cbe719583ce8184",
+                "sha256:6c90e11318f0d3c436a42409f2749ee1a115cd8b067d7f14c148f1ce5574d701",
+                "sha256:74d881fc777ebb11c63736622b60cb9e4aee5cace591ce274fb69e582a12a61a",
+                "sha256:7501140f755b725495941b43347ba8a2777407fc7f250d4f5a7d2a1050ba8e82",
+                "sha256:796c9c3c79747146ebd278dbe1e5c5c05dd6b10cc3bcb8389dfdf844f3ead638",
+                "sha256:869a64f53488f40fa5b5b9dcb9e9b2962a66a87dab37790f3fcfb5144b996ef5",
+                "sha256:8963a499849a1fc54b35b1c9f162f4108017b2e6db2c46c1bed93a72262ed083",
+                "sha256:8d0a0725ad7c1a0bcd8d1b437e191107d457e2ec1084b9f190630a4fb1af78e6",
+                "sha256:900fbf7759501bc7807fd6638c947d7a831fc9fdf742dc10f02956ff7220fa90",
+                "sha256:92b017ce34b68a7d67bd6d117e6d443a9bf63a2ecf8567bb3d8c6c7bc5014465",
+                "sha256:970284a88b99673ccb2e4e334cfb38a10aab7cd44f7457564d11898a74b62d0a",
+                "sha256:972c85d205b51e30e59525694670de6a8a89691186012535f9d7dbaa230e42c3",
+                "sha256:9a1ef3b66e38ef8618ce5fdc7bea3d9f45f3624e2a66295eea5e57966c85909e",
+                "sha256:af0e781009aaf59e25c5a678122391cb0f345ac0ec272c7961dc5455e1c40066",
+                "sha256:b6d534e4b2ab35c9f93f46229363e17f63c53ad01330df9f2d6bd1187e5eaacf",
+                "sha256:b7895207b4c843c76a25ab8c1e866261bcfe27bfaa20c192de5190121770672b",
+                "sha256:c0891a6a97b09c1f3e073a890514d5012eb256845c451bd48f7968ef939bf4ae",
+                "sha256:c2723d347ab06e7ddad1a58b2a821218239249a9e4365eaff6649d31180c1669",
+                "sha256:d1f8bf7b90ba55699b3a5e44930e93ff0189aa27186e96071fac7dd0d06a1873",
+                "sha256:d1f9ce122f83b2305592c11d64f181b87153fc2c2bbd3bb4a3dde8303cfb1a6b",
+                "sha256:d314ed732c25d29775e84a960c3c60808b682c08d86602ec2c3008e1202e3bb6",
+                "sha256:d636598c8305e1f90b439dbf4f66437de4a5e3c31fdf47ad29542478c8508bbb",
+                "sha256:deee1077aae10d8fa88cb02c845cfba9b62c55e1183f52f6ae6a2df6a2187160",
+                "sha256:ebe78fe9a0e874362175b02371bdfbee64d8edc42a044253ddf4ee7d3c15212c",
+                "sha256:f030f8873312a16414c0d8e1a1ddff2d3235655a2174e3648b4fa66b3f2f1079",
+                "sha256:f0b278ce10936db1a37e6954e15a3730bea96a0997c26d7fee88e6c396c2086d",
+                "sha256:f11642dddbb0253cc8853254301b51390ba0081750a8ac03f20ea8103f0c56b6"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
+            "version": "==5.5"
+        },
+        "expects": {
+            "hashes": [
+                "sha256:419902ccafe81b7e9559eeb6b7a07ef9d5c5604eddb93000f0642b3b2d594f4c"
+            ],
+            "index": "pypi",
+            "version": "==0.9.0"
+        },
+        "mamba": {
+            "hashes": [
+                "sha256:75cfc6dfd287dcccaf86dd753cf48e0a7337487c7c3fafda05a6a67ded6da496"
+            ],
+            "index": "pypi",
+            "version": "==0.11.2"
+        },
+        "path": {
+            "hashes": [
+                "sha256:2de925e8d421f93bcea80d511b81accfb6a7e6b249afa4a5559557b0cf817097",
+                "sha256:340054c5bb459fc9fd40e7eb6768c5989f3e599d18224238465b5333bc8faa7d"
+            ],
+            "markers": "python_version >= '3.6'",
+            "version": "==16.2.0"
+        },
+        "path.py": {
+            "hashes": [
+                "sha256:8d885e8b2497aed005703d94e0fd97943401f035e42a136810308bff034529a8",
+                "sha256:a43e82eb2c344c3fd0b9d6352f6b856f40b8b7d3d65cc05978b42c3715668496"
+            ],
+            "index": "pypi",
+            "version": "==12.5.0"
+        },
+        "pexpect": {
+            "hashes": [
+                "sha256:0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937",
+                "sha256:fc65a43959d153d0114afe13997d439c22823a27cefceb5ff35c2178c6784c0c"
+            ],
+            "index": "pypi",
+            "version": "==4.8.0"
+        },
+        "ptyprocess": {
+            "hashes": [
+                "sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35",
+                "sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220"
+            ],
+            "version": "==0.7.0"
+        }
+    },
+    "develop": {}
+}

README.md

@@ -8,10 +8,6 @@
   - Security - The RFB specification (VNC) limits the password field to 8 characters, so while the client may take a longer password, only the first 8 characters are sent. KasmVNC defaults to HTTPS with HTTP Basic Auth and disables the legacy VNC authentication method which is not sufficiently secure for internet accessible systems.
   - Simplicity - KasmVNC aims at being simple to deploy and configure.
 
-# Releases
-
-Since this is a fast evolving project, the documents on the tip of master are chaning rapidly and will not match releases. Be sure to use the README and other documentation from the release branch that matches the version of KasmVNC you are using. Do not use the README from the master branch, unless you are compiling KasmVNC yourself from the tip of master. All releases starting at 0.9.3 have a branch named in the format 'release/0.9.3', for example. 
-
 # New Features!
 
   - Webp image compression for better bandwidth usage
@@ -20,7 +16,6 @@ Since this is a fast evolving project, the documents on the tip of master are ch
   - [Full screen video detection](https://github.com/kasmtech/KasmVNC/wiki/Video-Rendering-Options#video-mode), goes into configurable video mode for better full screen videoo playback performance.
   - [Dynamic jpeg/webp image coompression](https://github.com/kasmtech/KasmVNC/wiki/Video-Rendering-Options#dynamic-image-quality) quality settings based on screen change rates
   - Seemless clipboard support (on Chromium based browsers)
-  - Binary clipboard support for text, images, and formatted text (on Chromium based browsers)
   - Allow client to set/change most configuration settings
   - [Data Loss Prevention features](https://github.com/kasmtech/KasmVNC/wiki/Data-Loss-Prevention)
     - Key stroke logging
@@ -30,54 +25,47 @@ Since this is a fast evolving project, the documents on the tip of master are ch
     - Keyboard input rate limit
     - Screen region selection
   - Deb packages for Debian, Ubuntu, and Kali Linux included in release.
-  - RPM packages for CentOS, Oracle, OpenSUSE, Fedora. RPM packages are currently not updatable and not released, though you can build and install them. See build documentation.
+  - RPM packages for CentOS, Fedora. RPM packages are currently not updatable and not released, though you can build and install them. See build documentation.
   - Web [API](https://github.com/kasmtech/KasmVNC/wiki/API) added for remotely controlling and getting information from KasmVNC
-  - Multi-User support with permissions that can be changed via the API
+  - Multi-User with ability to pass control to other users.
   - Web UI uses a webpack for faster load times.
   - Network and CPU bottleneck statistics
-  - Relative cursor support (game pointer mode)
-  - Cursor lock
-  - IME support for languages with extended characters
-  - Better mobile support
+
 
 Future Goals:
 
-  - UDP transport for faster frame rates
-  - H264 encoding
+  - Support uploads and downloads
+  - Pre-build Packages for all major Linux distributions
 
 ### Installation
 
 #### Debian-based
 
 ```sh
-# Please choose the package for your distro here (under Assets):
-# https://github.com/kasmtech/KasmVNC/releases
-wget <package_url>
+wget -qO- https://github.com/kasmtech/KasmVNC/releases/download/v0.9.1-beta/kasmvncserver_0.9.1~beta-1_amd64.deb
 
-sudo apt-get install ./kasmvncserver_*.deb
-
-# We provide an example script to run KasmVNC at #
-# /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start. It runs a VNC
-# server on display :10 and on interface 0.0.0.0. If you're happy with those
-# defaults you can just use it as is:
-sudo ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/bin/
+sudo apt-get install ./kasmvncserver_0.9.1~beta-1_amd64.deb
 
 # Add your user to the ssl-cert group
 sudo addgroup $USER ssl-cert
 # You will need to re-connect in order to pick up the group change
 
-# Create a KasmVNC user able to use keyboard and mouse:
-vncpasswd -u $USER -w
+# Run KasmVNC on display :10 and on interface 0.0.0.0:
+KASMVNC_OPTIONS=':10 -depth 24 -geometry 1280x1050
+  -cert /etc/ssl/certs/ssl-cert-snakeoil.pem
+  -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24
+  -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www'
+vncserver $KASMVNC_OPTIONS
 
-# Create ~/.vnc directory and corresponding files.
-kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill
+# On the first run, vncserver will ask you to create a KasmVNC user and choose a desktop
+# environment you want to run. It can detect Cinnamon, Mate, LXDE, KDE, Gnome,
+# XFCE. You can also choose to manually edit xstartup.
+# After you chose a desktop environment or to manually edit xstartup,
+# vncserver won't ask you again, unless you run it as:
+vncserver $KASMVNC_OPTIONS -select-de
 
-# Modify vncstartup to launch your environment of choice, in this example LXDE
-# This may be optional depending on your system configuration
-echo '/usr/bin/lxsession -s LXDE &' >> ~/.vnc/xstartup
-
-# Start KasmVNC with debug logging:
-kasmvncserver-easy-start -d
+# You can select a specific Desktop Environment like this:
+vncserver $KASMVNC_OPTIONS -select-de mate
 
 # Tail the logs
 tail -f ~/.vnc/`hostname`:10.log
@@ -85,10 +73,10 @@ tail -f ~/.vnc/`hostname`:10.log
 
 Now navigate to your system at https://[ip-address]:8443/
 
-To stop a running KasmVNC:
+To stop the KasmVNC you started earlier on display 10:
 
 ```sh
-kasmvncserver-easy-start -kill
+vncserver -kill :10
 ```
 
 The options for vncserver:

builder/README.md

@@ -79,25 +79,6 @@ packages installed with XFCE.
 ```
 builder/test-deb-barebones ubuntu focal
 ```
-
-# Preparing a release
-
-Deb and rpm packages need their versions bumped to the new release version. It
-can be done with:
-
-```
-builder/bump-package-version 0.9.4-beta
-```
-
-This will update corresponding package files, use `git diff` to see changes.
-
-If you've ran the command and curious about Debian version specifics, here's an
-explanation:
-Deb version will be `0.9.4~beta-1`. `~` (and not `-`) is required by packaging
-guidelines, and `-1` is Debian package revision for `0.9.4` upstream release. If
-a Debian-specific patch was later added on top of `0.9.4`, it'd be `-2` for the
-next Debian version. Rpm has a corresponding revision in its .spec file.
-
 # CI development
 
 S3 upload code is extracted to various files in `.ci`. It's possible to iterate
@@ -109,33 +90,3 @@ bash -c '
 prepare_upload_filename "bionic/kasmvncserver_0.9.1~beta-1+libjpeg-turbo-latest_amd64.deb";
 echo $upload_filename;'
 ```
-
-# ARM
-
-KasmVNC is supported on ARM, however, the build process needs to be broken into two parts with one occuring on a x64 system and the other on an ARM system. All our testing and official builds are done on AWS Graviton instances.
-
-### Build www code on x86 System
-The www code is webpacked for performance and thus requires building. There are NPM packages, phantomjs, which do not have an ARM build. Therefore, this must be built on x86 and then copied over to the ARM system for final packaging.
-
-```
-cd ~/KasmVNC
-mkdir builder/www
-sudo docker build -t kasmweb/www -f builder/dockerfile.www.build .
-sudo docker run --rm -v $PWD/builder/www:/build kasmweb/www:latest
-cd builder
-tar -zcvf /tmp/kasm_www.tar.gz www
-```
-
-Now transfer ```kasm_www.tar.gz``` to the ARM system.
-
-### Build KasmVNC ARM
-These instructions assume KasmVNC has been cloned at $HOME and ```kasm_www.tar.gz``` has been placed at $HOME as well, adjust for your environment.
-
-```
-cd ~
-tar -zxf kasm_www.tar.gz -C KasmVNC/builder/
-cd KasmVNC
-sudo builder/build-package ubuntu bionic
-```
-The resulting deb package can be found under ~/KasmVNC/builder/build/bionic
-Replace ```bionic``` with ```focal``` to build for Ubuntu 20.04LTS. At this time, only Ubuntu Bionic has been tested, however, other Debian based builds we support should also work.

builder/build-deb-inside-docker

@@ -29,6 +29,5 @@ fi
 
 dpkg-buildpackage -us -uc -b
 mkdir -p "$os_dir"
-cp ../*dbgsym*deb "$os_dir"
 cp ../*.deb "$os_dir"
 lintian ../*.deb || true

builder/build-rpm-inside-docker

@@ -8,7 +8,7 @@ prepare_build_env() {
 }
 
 copy_spec_and_tar_with_binaries() {
-  cp /tmp/kasmvncserver.spec ~/rpmbuild/SPECS/
+  cp /src/centos/kasmvncserver.spec ~/rpmbuild/SPECS/
   cp /src/builder/build/kasmvnc.${os}_${os_codename}.tar.gz \
     ~/rpmbuild/SOURCES/
 }
@@ -20,13 +20,8 @@ copy_rpm_to_build_dir() {
 
 cd "$(dirname "$0")/.."
 
-if [ -z ${KASMVNC_BUILD_OS_CODENAME+x} ]; then
-  os=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
-  os_codename=$(lsb_release -cs | tr '[:upper:]' '[:lower:]')
-else
-  os=${KASMVNC_BUILD_OS}
-  os_codename=${KASMVNC_BUILD_OS_CODENAME}
-fi
+os=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
+os_codename=$(lsb_release -cs | tr '[:upper:]' '[:lower:]')
 os_dir="build/${os}_${os_codename}"
 
 prepare_build_env

builder/build-tarball

@@ -31,7 +31,6 @@ docker build -t "$builder_image" \
   -f builder/dockerfile.${os}_${os_codename}${build_tag}.build .
 mkdir -p builder/build
 docker run -v $shared_with_docker_dir:/build -e BUILD_TAG="$build_tag" \
-  -e KASMVNC_COMMIT_ID="$KASMVNC_COMMIT_ID" \
   --rm "$builder_image"
 
 L_GID=$(id -g)

builder/build.sh

@@ -7,12 +7,6 @@ detect_quilt() {
   fi
 }
 
-ensure_crashpad_can_fetch_line_number_by_address() {
-  if [ ! -f /etc/centos-release ]; then
-    export LDFLAGS="$LDFLAGS -no-pie"
-  fi
-}
-
 # For build-dep to work, the apt sources need to have the source server
 #sudo apt-get build-dep xorg-server
 
@@ -23,7 +17,7 @@ cd /tmp
 # default to the version of x in Ubuntu 18.04, otherwise caller will need to specify
 XORG_VER=${XORG_VER:-"1.19.6"}
 XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
-wget https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.bz2
+wget --no-check-certificate https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.bz2
 
 #git clone https://kasmweb@bitbucket.org/kasmtech/kasmvnc.git
 #cd kasmvnc
@@ -36,38 +30,28 @@ sed -i -e '/find_package(FLTK/s@^@#@' \
 	-e '/add_subdirectory(tests/s@^@#@' \
 	CMakeLists.txt
 
-cmake -D CMAKE_BUILD_TYPE=RelWithDebInfo . -DBUILD_VIEWER:BOOL=OFF \
-  -DENABLE_GNUTLS:BOOL=OFF
+cmake -D CMAKE_BUILD_TYPE=RelWithDebInfo .
 make -j5
 
-tar -C unix/xserver -xf /tmp/xorg-server-${XORG_VER}.tar.bz2 --strip-components=1
+tar -C unix/xserver -xvf /tmp/xorg-server-${XORG_VER}.tar.bz2 --strip-components=1
 
 cd unix/xserver
 patch -Np1 -i ../xserver${XORG_PATCH}.patch
-case "$XORG_VER" in
-  1.20.*)
-      if [ -f ../xserver120.7.patch ]; then
-        patch -Np1 -i ../xserver120.7.patch
-      fi ;;
-esac
+if [[ $XORG_VER =~ ^1\.20\..*$ ]]; then
+  patch -Np1 -i ../xserver120.7.patch
+fi
 
 autoreconf -i
 # Configuring Xorg is long and has many distro-specific paths.
 # The distro paths start after prefix and end with the font path,
 # everything after that is based on BUILDING.txt to remove unneeded
 # components.
-ensure_crashpad_can_fetch_line_number_by_address
-# remove gl check for opensuse
-if [ "${KASMVNC_BUILD_OS}" == "opensuse" ]; then
-  sed -i 's/LIBGL="gl >= 7.1.0"/LIBGL="gl >= 1.1"/g' configure
-fi
 ./configure --prefix=/opt/kasmweb \
 	--with-xkb-path=/usr/share/X11/xkb \
 	--with-xkb-output=/var/lib/xkb \
 	--with-xkb-bin-directory=/usr/bin \
 	--with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins" \
-  --with-sha1=libcrypto \
-	--without-dtrace --disable-dri \
+	--with-pic --without-dtrace --disable-dri \
         --disable-static \
 	--disable-xinerama --disable-xvfb --disable-xnest --disable-xorg \
 	--disable-dmx --disable-xwin --disable-xephyr --disable-kdrive \
@@ -88,8 +72,6 @@ mkdir lib
 cd lib
 if [ -d /usr/lib/x86_64-linux-gnu/dri ]; then
   ln -s /usr/lib/x86_64-linux-gnu/dri dri
-elif [ -d /usr/lib/aarch64-linux-gnu/dri ]; then
-  ln -s /usr/lib/aarch64-linux-gnu/dri dri
 else
   ln -s /usr/lib64/dri dri
 fi
@@ -98,9 +80,7 @@ cd /src
 detect_quilt
 if [ -n "$QUILT_PRESENT" ]; then
   quilt push -a
-  echo 'Patches applied!'
 fi
-
 make servertarball
 
 cp kasmvnc*.tar.gz /build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz

builder/build_www.sh

@@ -15,3 +15,4 @@ cd /build
 rm *.md
 rm AUTHORS
 rm vnc.html
+rm vnc_lite.html

builder/bump-package-version

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail
-
-update_version_to_meet_packaging_standards() {
-  new_version=$(echo "$new_version" |
-    sed -e 's/\([0-9]\)-\([a-zA-Z]\)/\1~\2/')
-}
-
-bump_rpm() {
-  builder/bump-package-version-rpm "$new_version"
-}
-
-bump_deb() {
-  builder/bump-package-version-deb "$new_version"
-}
-
-new_version="$1"
-
-if [[ -z "$new_version" ]]; then
-  echo >&2 "Usage: $(basename "$0") <new_version>"
-  exit 1
-fi
-
-cd "$(dirname "$0")/.."
-
-update_version_to_meet_packaging_standards
-bump_rpm
-bump_deb

builder/bump-package-version-deb

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-
-new_version="$1"
-
-add_debian_revision_to_new_version() {
-  echo "$new_version-1"
-}
-
-bump_deb() {
-  local image="debbump_package_version:dev"
-  local L_UID=$(id -u)
-  local L_GID=$(id -g)
-  local debian_version=$(add_debian_revision_to_new_version)
-
-  docker build -t "$image" -f builder/dockerfile.bump-package-version .
-  docker run --rm -v "$PWD":/src --user "$L_UID:$L_GID" \
-    "$image" /bin/bash -c \
-    "cd /src && builder/bump-package-version-inside-docker-deb $debian_version"
-}
-
-bump_deb

builder/bump-package-version-inside-docker-deb

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-new_version="$1"
-
-update_version() {
-  dch --newversion $new_version 'New upstream release.'
-}
-
-mark_as_released() {
-  dch --release ""
-}
-
-update_version
-mark_as_released

builder/bump-package-version-rpm

@@ -1,32 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-
-new_version="$1"
-specs="centos/kasmvncserver.spec
-oracle/kasmvncserver.spec
-opensuse/kasmvncserver.spec"
-
-bump_version() {
-  sed -i "s/^Version:.\+/Version:        $new_version/" "$1"
-}
-
-detect_release_version() {
-  release_version=$(sed -ne 's/^Release:\s\+//p' "$1" | sed -e 's/%.\+$//')
-}
-
-bump_changelog() {
-  detect_release_version "$1"
-
-  local date=$(date +'%a %b %d %Y')
-  local changelog_version="$new_version-$release_version"
-  local new_changelog_entry="* $date KasmTech <info@kasmweb.com> - $changelog_version\n- Upstream release"
-
-  sed -i -e "s/%changelog/%changelog\n$new_changelog_entry/" "$1"
-}
-
-IFS=$'\n'
-for spec_file in $specs; do
-  bump_version $spec_file
-  bump_changelog $spec_file
-done

builder/dockerfile.bump-package-version

@@ -1,6 +0,0 @@
-FROM debian:buster
-
-ENV DEBEMAIL="Kasm Technologies LLC <info@kasmweb.com>"
-
-RUN apt-get update && \
-      apt-get -y install vim devscripts

builder/dockerfile.centos_core.build

@@ -3,7 +3,6 @@ FROM centos:centos7
 ENV KASMVNC_BUILD_OS centos
 ENV KASMVNC_BUILD_OS_CODENAME core
 
-RUN yum install -y ca-certificates
 RUN yum install -y build-dep xorg-server libxfont-dev sudo
 RUN yum install -y gcc cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
 RUN yum install -y libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev openssl-devel
@@ -11,14 +10,12 @@ RUN yum install -y make
 RUN yum group install -y "Development Tools"
 RUN yum install -y xorg-x11-server-devel zlib-devel libjpeg-turbo-devel
 RUN yum install -y libxkbfile-devel libXfont2-devel xorg-x11-font-utils \
-  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel libXrandr-devel pam-devel \
-  gnutls-devel libX11-devel libXtst-devel libXcursor-devel
+  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel
 RUN yum install -y mesa-dri-drivers
-RUN yum install -y ca-certificates
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.debian_bullseye.build

@@ -13,11 +13,11 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.debian_buster.build

@@ -13,11 +13,11 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.debian_buster.deb.test

@@ -34,6 +34,14 @@ RUN apt-get purge -y pm-utils xscreensaver*
 RUN apt-get update && apt-get install -y vim less
 RUN apt-get update && apt-get -y install lsb-release
 
+RUN apt-get update && apt-get install -y task-cinnamon-desktop
+RUN apt-get update && apt-get install -y task-gnome-desktop
+RUN mkdir -p /usr/share/man/man1
+RUN apt-get update && apt-get install -y apt-utils openjdk-11-jre
+RUN apt-get update && apt-get install -y task-lxde-desktop
+RUN apt-get update && apt-get install -y task-mate-desktop
+RUN apt-get update && apt-get install -y task-kde-desktop
+
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
 
 RUN mkdir -p $STARTUPDIR

builder/dockerfile.fedora_thirtythree.build

@@ -18,14 +18,13 @@ RUN dnf install -y make
 RUN dnf group install -y "Development Tools"
 RUN dnf install -y xorg-x11-server-devel zlib-devel libjpeg-turbo-devel
 RUN dnf install -y libxkbfile-devel libXfont2-devel xorg-x11-font-utils \
-  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel libXrandr-devel libXtst-devel \
-  libXcursor-devel
+  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel
 RUN dnf install -y mesa-dri-drivers
 RUN dnf install -y bzip2 redhat-lsb-core
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.kali_kali-rolling.build

@@ -13,11 +13,11 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.opensuse_15.barebones.rpm.test

@@ -1,37 +0,0 @@
-FROM opensuse/leap:15.3
-
-# base tools
-RUN zypper -n install -y \
-  less \
-  vim \
-  xterm
-
-# deps and rpm install
-RUN zypper -n install -y \
-  libglvnd \
-  libgomp1 \
-  libjpeg8 \
-  libpixman-1-0 \
-  libXdmcp6 \
-  libXfont2-2 \
-  libxkbcommon-x11-0 \
-  openssl \
-  perl \
-  x11-tools \
-  xauth \
-  xkbcomp \
-  xkeyboard-config && \
-  mkdir -p /etc/pki/tls/private
-
-ARG KASMVNC_PACKAGE_DIR
-COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp
-RUN zypper install -y --allow-unsigned-rpm /tmp/*.rpm
-
-RUN useradd -m foo
-
-USER foo:kasmvnc-cert
-
-RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \
-  chmod +x ~/.vnc/xstartup
-
-ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "

builder/dockerfile.opensuse_15.build

@@ -1,59 +0,0 @@
-FROM opensuse/leap:15.3
-
-ENV KASMVNC_BUILD_OS opensuse
-ENV KASMVNC_BUILD_OS_CODENAME 15
-ENV XORG_VER 1.20.3
-
-# Install depends
-RUN zypper install -ny \
-  bdftopcf \
-  bigreqsproto-devel \
-  cmake \
-  ffmpeg-4-libavcodec-devel \
-  fonttosfnt \
-  font-util \
-  gcc \
-  gcc-c++ \
-  giflib-devel \
-  git \
-  gzip \
-  lbzip2 \
-  libbz2-devel \
-  libGLw-devel \
-  libgnutls-devel \
-  libjpeg8-devel \
-  libopenssl-devel \
-  libpng16-devel \
-  libtiff-devel \
-  libXfont2-devel \
-  libxkbcommon-x11-devel \
-  make \
-  Mesa-dri \
-  Mesa-libglapi-devel \
-  mkfontdir \
-  mkfontscale \
-  patch \
-  tigervnc \
-  wget \
-  xcmiscproto-devel \
-  xorg-x11-devel \
-  xorg-x11-server-sdk \
-  xorg-x11-util-devel \
-  zlib-devel
-
-# Additions for webp
-RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
-RUN cd /tmp/libwebp-1.0.2 && \
-    ./configure --enable-static --disable-shared && \
-    make && make install
-
-RUN useradd -u 1000 docker && \
-  groupadd -g 1000 docker && \
-  usermod -a -G docker docker
-
-COPY --chown=docker:docker . /src/
-
-
-USER docker
-ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.opensuse_15.rpm.build

@@ -1,24 +0,0 @@
-FROM opensuse/leap:15.3
-
-ENV KASMVNC_BUILD_OS opensuse
-ENV KASMVNC_BUILD_OS_CODENAME 15
-
-RUN zypper -n install -y \
-  gpg* \
-  less \
-  lsb-release \
-  rng-tools \
-  rpm-build \
-  rpmdevtools \
-  rpmlint \
-  tree \
-  vim
-
-COPY opensuse/*.spec /tmp
-RUN zypper -n install $(grep BuildRequires /tmp/*.spec | cut -d' ' -f2 | xargs)
-
-RUN useradd -u 1000 -m -d /home/docker docker && \
-  groupadd -g 1000 docker && \
-  usermod -a -G docker docker
-
-USER docker

builder/dockerfile.oracle_8.barebones.rpm.test

@@ -1,20 +0,0 @@
-FROM oraclelinux:8
-
-RUN dnf install -y \
-  less \
-  redhat-lsb-core \
-  vim \
-  xterm
-  
-ARG KASMVNC_PACKAGE_DIR
-COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp
-RUN dnf localinstall -y /tmp/*.rpm
-
-RUN useradd -m foo
-
-USER foo:kasmvnc-cert
-
-RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \
-  chmod +x ~/.vnc/xstartup
-
-ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "

builder/dockerfile.oracle_8.build

@@ -1,61 +0,0 @@
-FROM oraclelinux:8
-
-ENV KASMVNC_BUILD_OS oracle
-ENV KASMVNC_BUILD_OS_CODENAME 8
-ENV XORG_VER 1.20.10
-
-# Install from stock repos
-RUN dnf install -y \
-  bzip2-devel \
-  ca-certificates \
-  cmake \
-  dnf-plugins-core \
-  gcc \
-  gcc-c++ \
-  git \
-  gnutls-devel \
-  libjpeg-turbo-devel \
-  libpng-devel \
-  libtiff-devel \
-  make \
-  mesa-dri-drivers \
-  openssl-devel \
-  openssl-devel \
-  patch \
-  tigervnc-server \
-  wget \
-  xorg-x11-font-utils \
-  zlib-devel
-
-# Enable additional repos (epel, powertools, and fusion)
-RUN dnf config-manager --set-enabled ol8_codeready_builder
-RUN dnf install -y oracle-epel-release-el8
-RUN dnf install -y --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
-
-# Install from new repos
-RUN dnf install -y \
-  ffmpeg-devel \
-  giflib-devel \
-  lbzip2 \
-  libXfont2-devel \
-  libxkbfile-devel \
-  xorg-x11-server-devel \
-  xorg-x11-xkb-utils-devel \
-  xorg-x11-xtrans-devel \
-  libXrandr-devel \
-  libXtst-devel \
-  libXcursor-devel
-
-# Additions for webp
-RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
-RUN cd /tmp/libwebp-1.0.2 && \
-    ./configure --enable-static --disable-shared && \
-    make && make install
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd
-
-COPY --chown=docker:docker . /src/
-
-USER docker
-ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.oracle_8.rpm.build

@@ -1,21 +0,0 @@
-FROM oraclelinux:8
-
-ENV KASMVNC_BUILD_OS oracle
-ENV KASMVNC_BUILD_OS_CODENAME 8
-
-RUN dnf install -y \
-  gpg* \
-  less \
-  redhat-lsb-core \
-  rng-tools \
-  rpm* \
-  rpmlint \
-  tree \
-  vim
-
-COPY oracle/*.spec /tmp
-RUN dnf builddep -y /tmp/*.spec
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd
-
-USER docker

builder/dockerfile.ubuntu_bionic+libjpeg-turbo_latest.build

@@ -11,7 +11,7 @@ RUN apt-get update && \
 
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 
 RUN apt-get update && apt-get install -y cmake nasm gcc
 RUN git clone https://github.com/libjpeg-turbo/libjpeg-turbo.git
@@ -20,7 +20,7 @@ RUN export MAKEFLAGS=-j`nproc`; cd libjpeg-turbo && cmake -DCMAKE_INSTALL_PREFIX
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.ubuntu_bionic.build

@@ -11,11 +11,11 @@ RUN apt-get update && \
 
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.ubuntu_focal.build

@@ -12,12 +12,12 @@ RUN apt-get update && \
 
 RUN apt-get update && apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
-RUN apt-get update && apt-get -y install cmake git libjpeg-dev vim wget
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
+RUN cd /tmp && tar -xzvf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
     make && make install

builder/dockerfile.ubuntu_focal.vncserver.test

@@ -0,0 +1,50 @@
+FROM ubuntu:focal
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV VNC_PORT 8443
+ENV VNC_PORT2 8444
+ENV VNC_PORT3 8445
+EXPOSE $VNC_PORT
+EXPOSE $VNC_PORT2
+EXPOSE $VNC_PORT3
+
+RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
+RUN apt-get purge -y pm-utils xscreensaver*
+RUN apt-get update && apt-get install -y vim less
+RUN apt-get update && apt-get -y install lsb-release
+RUN apt-get update && apt-get -y install net-tools
+
+# RUN mkdir -p /usr/share/man/man1
+# RUN apt-get update && apt-get install -y apt-utils openjdk-11-jre
+RUN apt-get update && apt-get install -y ubuntu-mate-desktop
+RUN apt-get update && apt-get install -y lxde
+RUN apt-get update && apt-get install -y lxqt
+RUN apt-get update && apt-get install -y kde-full
+RUN apt-get update && apt-get install -y cinnamon
+RUN apt-get update && apt-get install -y ubuntu-gnome-desktop
+
+RUN apt-get update && apt-get install -y python3-pip
+RUN apt-get update && apt-get install -y strace
+
+RUN useradd -m docker
+ENV USER docker
+
+ARG KASMVNC_PACKAGE_DIR
+COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp
+RUN dpkg -i /tmp/*.deb; apt-get -yf install
+
+ENV HOME /home/docker
+RUN chown -R 1000:0 $HOME
+USER 1000:ssl-cert
+WORKDIR $HOME
+
+RUN pip3 install --user pipenv
+RUN echo 'PATH="/src/unix:~/.local/bin/:$PATH"' >> ~/.bashrc
+RUN echo 'alias go="sh /src/s; vncserver -kill :1"' >> ~/.bashrc
+RUN echo 'alias ns="netstat -nltp"' >> ~/.bashrc
+RUN echo 'alias mamba="pipenv run mamba spec/"' >> ~/.bashrc
+
+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
+
+ENTRYPOINT ["bash", "-ic", "cd /src && pipenv install; exec bash"]

builder/dockerfile.ubuntu_jammy.build

@@ -1,30 +0,0 @@
-FROM ubuntu:jammy
-
-ENV KASMVNC_BUILD_OS ubuntu
-ENV KASMVNC_BUILD_OS_CODENAME jammy
-ENV XORG_VER 1.20.8
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN sed -i 's$# deb-src$deb-src$' /etc/apt/sources.list
-
-RUN apt-get update && \
-      apt-get -y install sudo
-
-RUN apt-get update && apt-get install -y --no-install-recommends tzdata
-RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
-RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
-
-# Additions for webp
-RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
-RUN cd /tmp && tar -xzf /tmp/libwebp-*
-RUN cd /tmp/libwebp-1.0.2 && \
-    ./configure --enable-static --disable-shared && \
-    make && make install
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
-
-COPY --chown=docker:docker . /src/
-
-USER docker
-ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.ubuntu_jammy.deb.build

@@ -1,19 +0,0 @@
-FROM ubuntu:jammy
-
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-      apt-get -y install vim build-essential devscripts equivs
-
-# Install build-deps for the package.
-COPY ./debian/control /tmp
-RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control
-
-ARG L_UID
-RUN if [ "$L_UID" -eq 0 ]; then \
-      useradd -m docker; \
-    else \
-      useradd -m docker -u $L_UID;\
-    fi
-
-USER docker

builder/dockerfile.ubuntu_jammy.deb.test

@@ -1,57 +0,0 @@
-FROM ubuntu:jammy
-
-ENV DISPLAY=:1 \
-    VNC_PORT=8443 \
-    VNC_RESOLUTION=1280x720 \
-    MAX_FRAME_RATE=24 \
-    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
-    HOME=/home/user \
-    TERM=xterm \
-    STARTUPDIR=/dockerstartup \
-    INST_SCRIPTS=/dockerstartup/install \
-    KASM_RX_HOME=/dockerstartup/kasmrx \
-    DEBIAN_FRONTEND=noninteractive \
-    VNC_COL_DEPTH=24 \
-    VNC_RESOLUTION=1280x1024 \
-    VNC_PW=vncpassword \
-    VNC_USER=user \
-    VNC_VIEW_ONLY_PW=vncviewonlypassword \
-    LD_LIBRARY_PATH=/usr/local/lib/ \
-    OMP_WAIT_POLICY=PASSIVE \
-    SHELL=/bin/bash \
-    SINGLE_APPLICATION=0 \
-    KASMVNC_BUILD_OS=ubuntu \
-    KASMVNC_BUILD_OS_CODENAME=bionic
-
-EXPOSE $VNC_PORT
-
-WORKDIR $HOME
-
-### REQUIRED STUFF ###
-
-RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
-RUN apt-get purge -y pm-utils xscreensaver*
-RUN apt-get update && apt-get install -y vim less
-RUN apt-get update && apt-get -y install lsb-release
-
-RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
-
-RUN mkdir -p $STARTUPDIR
-COPY startup/ $STARTUPDIR
-
-### START CUSTOM STUFF ####
-
-ARG KASMVNC_PACKAGE_DIR
-COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp/
-RUN rm -f /tmp/kasmvncserver_*+*.deb; dpkg -i /tmp/*.deb; apt-get -yf install
-
-RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \
-  chmod +x ~/.vnc/xstartup
-
-### END CUSTOM STUFF ###
-
-RUN chown -R 1000:0 $HOME
-USER 1000:ssl-cert
-WORKDIR $HOME
-
-ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]

builder/dockerfile.ubuntu_jammy.test

@@ -1,51 +0,0 @@
-FROM ubuntu:jammy
-
-ENV DISPLAY=:1 \
-    VNC_PORT=8443 \
-    VNC_RESOLUTION=1280x720 \
-    MAX_FRAME_RATE=24 \
-    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
-    HOME=/home/user \
-    TERM=xterm \
-    STARTUPDIR=/dockerstartup \
-    INST_SCRIPTS=/dockerstartup/install \
-    KASM_RX_HOME=/dockerstartup/kasmrx \
-    DEBIAN_FRONTEND=noninteractive \
-    VNC_COL_DEPTH=24 \
-    VNC_RESOLUTION=1280x1024 \
-    VNC_PW=vncpassword \
-    VNC_USER=user \
-    VNC_VIEW_ONLY_PW=vncviewonlypassword \
-    LD_LIBRARY_PATH=/usr/local/lib/ \
-    OMP_WAIT_POLICY=PASSIVE \
-    SHELL=/bin/bash \
-    SINGLE_APPLICATION=0 \
-    KASMVNC_BUILD_OS=ubuntu \
-    KASMVNC_BUILD_OS_CODENAME=jammy
-
-EXPOSE $VNC_PORT
-
-WORKDIR $HOME
-
-### REQUIRED STUFF ###
-
-RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext libjpeg-dev wget
-RUN apt-get purge -y pm-utils xscreensaver*
-
-RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
-
-RUN mkdir -p $STARTUPDIR
-COPY startup/ $STARTUPDIR
-
-### START CUSTOM STUFF ####
-
-COPY build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz /tmp/
-RUN tar -xzvf /tmp/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz --strip 1 -C /
-
-### END CUSTOM STUFF ###
-
-RUN chown -R 1000:0 $HOME
-USER 1000
-WORKDIR $HOME
-
-ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]

builder/startup/deb/cli-processing.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+debug() {
+  if [ -z "$debug" ]; then return; fi
+
+  echo "$@"
+}
+
+enable_debug() {
+  debug=1
+  log_option="-log *:stderr:100"
+}
+
+kill_vnc_server() {
+  vncserver -kill $display
+}
+
+process_cli_options() {
+  for option in "$@"; do
+    case "$option" in
+      --help)
+        show_help
+        exit
+        ;;
+      -d|--debug)
+        enable_debug
+        ;;
+      -k|--kill)
+        kill_vnc_server
+        exit
+        ;;
+      -s|--select-de)
+        action=select-de-and-start
+        ;;
+      *)
+        echo >&2 "Unsupported argument: $option"
+        exit 1
+    esac
+  done
+}
+
+show_help() {
+  cat >&2 <<-USAGE
+Usage: $(basename "$0") [options]
+  -d, --debug      Debug output
+  -k, --kill       Kill vncserver
+  -s, --select-de  Select desktop environent to run
+  --help           Show this help
+USAGE
+}

builder/startup/deb/kasmvncserver-easy-start

@@ -4,43 +4,8 @@ set -e
 
 display=:10
 interface=0.0.0.0
-cert_group=ssl-cert
 
-if [[ "$1" = "--help" ]]; then
-  cat >&2 <<-USAGE
-Usage: `basename $0` [options]
-  -d     Debug output
-  -kill  Kill vncserver
-  --help show this help
-USAGE
-  exit
-fi
-
-if [[ "$1" = "-d" ]]; then
-  log_option="-log *:stderr:100"
-fi
-
-action=start
-if [[ "$1" = "-kill" ]]; then
-  action=kill
-fi
-
-if groups | grep -qvw ssl-cert; then
-  cat <<-EOF
-    Can't access TLS certificate.
-    Please add your user to $cert_group via 'addgroup <user> ssl-cert'
-EOF
-  exit 1
-fi
-
-if [[ "$action" = "kill" ]]; then
-  vncserver -kill $display
-  exit
-fi
-
-vncserver $display -interface $interface
-vncserver -kill $display
 vncserver $display -depth 24 -geometry 1280x1050 -websocketPort 8443 \
   -cert /etc/ssl/certs/ssl-cert-snakeoil.pem \
   -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 \
-  -interface $interface -httpd /usr/share/kasmvnc/www $log_option
+  -interface $interface -httpd /usr/share/kasmvnc/www

builder/startup/deb/select-de.sh

@@ -0,0 +1,258 @@
+#!/bin/bash
+
+set -e
+
+xstartup_script=~/.vnc/xstartup
+de_was_selected_file="$HOME/.vnc/.de-was-selected"
+
+debug() {
+  if [ -z "$debug" ]; then return; fi
+
+  echo "$@"
+}
+
+enable_debug() {
+  debug=1
+}
+
+process_cli_options() {
+  while [ $# -gt 0 ]; do
+    local option="$1"
+    shift
+
+    case "$option" in
+      --help|-h)
+        show_help
+        exit
+        ;;
+      -d|--debug)
+        enable_debug
+        ;;
+      -y|--assume-yes)
+        assume_yes=1
+        ;;
+      -s|--select-de)
+        action=select-de
+        if [[ -n "$1" && "${1:0:1}" != "-" ]]; then
+          selected_de="$1"
+          assume_yes_for_xstartup_overwrite=1
+          if [ "$selected_de" = "manual" ]; then
+            selected_de="$manual_xstartup_choice"
+          fi
+          shift
+        fi
+        ;;
+      *)
+        echo >&2 "Unsupported argument: $option"
+        exit 1
+    esac
+  done
+}
+
+show_help() {
+  cat >&2 <<-USAGE
+Usage: $(basename "$0") [options]
+  -d, --debug      Debug output
+  -y, --assume-yes Automatic "yes" to prompts
+  -s, --select-de  Select desktop environent to run
+  --help           Show this help
+USAGE
+}
+
+add_uppercase_desktop_environment_keys() {
+  local de_cmd
+
+  for de in "${!all_desktop_environments[@]}"; do
+    de_cmd=${all_desktop_environments[$de]};
+    all_desktop_environments[${de^^}]="$de_cmd"
+  done
+}
+
+process_cli_options "$@"
+
+manual_xstartup_choice="Manually edit xstartup"
+declare -A all_desktop_environments=(
+  [Cinnamon]="exec cinnamon-session"
+  [Mate]="XDG_CURRENT_DESKTOP=MATE exec dbus-launch --exit-with-session mate-session"
+  [LXDE]="exec lxsession"
+  [Lxqt]="exec startlxqt"
+  [KDE]="exec startkde"
+  [Gnome]="XDG_CURRENT_DESKTOP=GNOME exec dbus-launch --exit-with-session /usr/bin/gnome-session"
+  [XFCE]="exec xfce4-session")
+
+readarray -t sorted_desktop_environments < <(for de in "${!all_desktop_environments[@]}"; do echo "$de"; done | sort)
+
+all_desktop_environments[$manual_xstartup_choice]=""
+sorted_desktop_environments+=("$manual_xstartup_choice")
+add_uppercase_desktop_environment_keys
+
+detected_desktop_environments=()
+declare -A numbered_desktop_environments
+
+print_detected_desktop_environments() {
+  declare -i i=1
+
+  echo "Please choose Desktop Environment to run:"
+  for detected_de in "${detected_desktop_environments[@]}"; do
+    echo "[$i] $detected_de"
+    numbered_desktop_environments[$i]=$detected_de
+    i+=1
+  done
+}
+
+detect_desktop_environments() {
+  for de_name in "${sorted_desktop_environments[@]}"; do
+    if [[ "$de_name" = "$manual_xstartup_choice" ]]; then
+      detected_desktop_environments+=("$de_name")
+      continue;
+    fi
+
+    local executable=${all_desktop_environments[$de_name]}
+    executable=($executable)
+    executable=${executable[-1]}
+
+    if detect_desktop_environment "$de_name" "$executable"; then
+      detected_desktop_environments+=("$de_name")
+    fi
+  done
+}
+
+ask_user_to_choose_de() {
+  while : ; do
+    print_detected_desktop_environments
+    read -r de_number_to_run
+    de_name_from_number "$de_number_to_run"
+    if [[ -n "$de_name" ]]; then
+      break;
+    fi
+
+    echo "Incorrect number: $de_number_to_run"
+    echo
+  done
+}
+
+remember_de_choice() {
+  touch "$de_was_selected_file"
+}
+
+de_was_selected_on_previous_run() {
+  [[ -f "$de_was_selected_file" ]]
+}
+
+detect_desktop_environment() {
+  local de_name="$1"
+  local executable="$2"
+
+  if command -v "$executable" &>/dev/null; then
+    return 0
+  fi
+
+  return 1
+}
+
+did_user_forbid_replacing_xstartup() {
+  grep -q -v KasmVNC-safe-to-replace-this-file "$xstartup_script"
+}
+
+de_cmd_from_name() {
+  de_cmd=${all_desktop_environments[${de_name^^}]}
+}
+
+de_name_from_number() {
+  local de_number_to_run="$1"
+
+  de_name=${numbered_desktop_environments[$de_number_to_run]}
+}
+
+warn_xstartup_will_be_overwriten() {
+  if [[ -n "$assume_yes" || -n "$assume_yes_for_xstartup_overwrite" ]]; then
+    return 0
+  fi
+
+  if [ ! -f "$xstartup_script" ]; then
+    return 0
+  fi
+
+  echo -n "WARNING: $xstartup_script will be overwritten y/N?"
+  read -r do_overwrite_xstartup
+  if [[ "$do_overwrite_xstartup" = "y" || "$do_overwrite_xstartup" = "Y" ]]; then
+    return 0
+  fi
+
+  return 1
+}
+
+setup_de_to_run_via_xstartup() {
+  warn_xstartup_will_be_overwriten
+  generate_xstartup "$de_name"
+}
+
+generate_xstartup() {
+  local de_name="$1"
+
+  de_cmd_from_name
+
+  cat <<-SCRIPT > "$xstartup_script"
+#!/bin/sh
+$de_cmd
+SCRIPT
+  chmod +x "$xstartup_script"
+}
+
+user_asked_to_select_de() {
+  [[ "$action" = "select-de" ]]
+}
+
+user_specified_de() {
+  [ -n "$selected_de" ]
+}
+
+check_de_name_is_valid() {
+  local selected_de="$1"
+  local de_cmd=${all_desktop_environments["${selected_de^^}"]:-}
+  if [ -z "$de_cmd" ]; then
+    echo >&2 "'$selected_de': not supported Desktop Environment"
+    return 1
+  fi
+}
+
+de_installed() {
+  local de_name="${1^^}"
+
+  for de in "${detected_desktop_environments[@]}"; do
+    if [ "${de^^}" = "$de_name" ]; then
+      return 0
+    fi
+  done
+
+  return 1
+}
+
+check_de_installed() {
+  local de_name="$1"
+
+  if ! de_installed "$de_name"; then
+    echo >&2 "'$de_name': Desktop Environment not installed"
+    return 1
+  fi
+}
+
+if user_asked_to_select_de || ! de_was_selected_on_previous_run; then
+  if user_specified_de; then
+    check_de_name_is_valid "$selected_de"
+  fi
+
+  detect_desktop_environments
+  if user_specified_de; then
+    check_de_installed "$selected_de"
+    de_name="$selected_de"
+  else
+    ask_user_to_choose_de
+  fi
+
+  debug "You selected $de_name desktop environment"
+  if [[ "$de_name" != "$manual_xstartup_choice" ]]; then
+    setup_de_to_run_via_xstartup
+  fi
+  remember_de_choice
+fi

builder/startup/vnc_startup.sh

@@ -61,9 +61,6 @@ kasmvncpasswd -d -u "$VNC_USER-to-delete" $HOME/.kasmpasswd
 chmod 0600 $HOME/.kasmpasswd
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $HOME/.vnc/self.pem -out $HOME/.vnc/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
 
-vncserver :1 -interface 0.0.0.0
-vncserver -kill :1
-
 if [[ -f $PASSWD_PATH ]]; then
     rm -f $PASSWD_PATH
 fi
@@ -86,10 +83,10 @@ vncserver -kill $DISPLAY &> $HOME/.vnc/vnc_startup.log \
 
 detect_www_dir
 detect_cert_location
-[ -n "$KASMVNC_VERBOSE_LOGGING" ] && verbose_logging_option="-log *:stderr:100"
+[ -n "$KASMVNC_VERBOSE_LOGGING" ] && verbose_logging_option="-debug"
 
 echo -e "start vncserver with param: VNC_COL_DEPTH=$VNC_COL_DEPTH, VNC_RESOLUTION=$VNC_RESOLUTION\n..."
-vncserver $DISPLAY -depth $VNC_COL_DEPTH -geometry $VNC_RESOLUTION -FrameRate=$MAX_FRAME_RATE -websocketPort $VNC_PORT $cert_option -sslOnly -interface 0.0.0.0 $VNCOPTIONS $package_www_dir_option $verbose_logging_option #&> $STARTUPDIR/no_vnc_startup.log
+vncserver $DISPLAY -select-de xfce -depth $VNC_COL_DEPTH -geometry $VNC_RESOLUTION -FrameRate=$MAX_FRAME_RATE -websocketPort $VNC_PORT $cert_option -sslOnly -interface 0.0.0.0 $VNCOPTIONS $package_www_dir_option $verbose_logging_option #&> $STARTUPDIR/no_vnc_startup.log
 
 PID_SUN=$!
 

builder/test-vncserver

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+cd "$(dirname "$0")"
+. ./os_ver_cli.sh
+
+docker build --build-arg KASMVNC_PACKAGE_DIR="build/${os_codename}" \
+  -t kasmvnctester_${os}:$os_codename \
+  -f dockerfile.${os}_${os_codename}.vncserver.test .
+docker run -it -v $(realpath ${PWD}/..):/src -p 8443:8443 -p 8444:8444 \
+  -p 8445:8445 --rm \
+  -e KASMVNC_VERBOSE_LOGGING=$KASMVNC_VERBOSE_LOGGING \
+  -e "VNC_USER=foo" -e "VNC_PW=foobar" \
+  kasmvnctester_${os}:$os_codename

centos/kasmvncserver.spec

@@ -7,7 +7,7 @@ License: GPLv2+
 URL: https://github.com/kasmtech/KasmVNC
 
 BuildRequires: rsync
-Requires: xorg-x11-xauth, xorg-x11-xkb-utils, xkeyboard-config, xorg-x11-server-utils, openssl, perl
+Requires: xorg-x11-xauth, xorg-x11-xkb-utils, xkeyboard-config, xorg-x11-server-utils, openssl, perl, perl-Switch
 Conflicts: tigervnc-server, tigervnc-server-minimal
 
 %description
@@ -48,12 +48,12 @@ DESTDIR=$RPM_BUILD_ROOT
 DST_MAN=$DESTDIR/usr/share/man/man1
 
 mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
-  $DESTDIR/usr/share/doc/kasmvncserver
+  $DESTDIR/usr/share/doc/kasmvncserver $DESTDIR/usr/lib
 cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
 cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
 cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
 cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
-cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
+cp -r $SRC/lib/kasmvnc/ $DESTDIR/usr/lib/kasmvncserver
 cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
 cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
 rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
@@ -63,12 +63,11 @@ cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
 cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
 cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
 cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
-cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
 cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 
-
 %files
 /usr/bin/*
+/usr/lib/kasmvncserver
 /usr/share/man/man1/*
 /usr/share/kasmvnc/www
 
@@ -76,7 +75,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
-* Tue Mar 22 2022 KasmTech <info@kasmweb.com> - 0.9.3~beta-1
 * Fri Feb 12 2021 KasmTech <info@kasmweb.com> - 0.9.1~beta-1
 - Initial release of the rpm package.
 

common/network/Blacklist.cxx

@@ -1,85 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <netinet/tcp.h>
-#include <netdb.h>
-#include <pthread.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include <map>
-#include <string>
-
-#include <network/Blacklist.h>
-#include <rfb/Blacklist.h>
-
-static std::map<std::string, unsigned> hits;
-static std::map<std::string, time_t> blacklist;
-
-static pthread_mutex_t hitmutex = PTHREAD_MUTEX_INITIALIZER;
-static pthread_mutex_t blmutex = PTHREAD_MUTEX_INITIALIZER;
-
-unsigned char bl_isBlacklisted(const char *addr) {
-	const unsigned char count = blacklist.count(addr);
-	if (!count)
-		return 0;
-
-	const time_t now = time(NULL);
-	const unsigned timeout = rfb::Blacklist::initialTimeout;
-
-	if (pthread_mutex_lock(&blmutex))
-		abort();
-
-	if (now - timeout > blacklist[addr]) {
-		blacklist.erase(addr);
-		pthread_mutex_unlock(&blmutex);
-
-		if (pthread_mutex_lock(&hitmutex))
-			abort();
-		hits.erase(addr);
-		pthread_mutex_unlock(&hitmutex);
-		return 0;
-	} else {
-		blacklist[addr] = now;
-		pthread_mutex_unlock(&blmutex);
-		return 1;
-	}
-}
-
-void bl_addFailure(const char *addr) {
-	if (!rfb::Blacklist::threshold)
-		return;
-
-	if (pthread_mutex_lock(&hitmutex))
-		abort();
-	const unsigned num = ++hits[addr];
-	pthread_mutex_unlock(&hitmutex);
-
-	if (num >= (unsigned) rfb::Blacklist::threshold) {
-		if (pthread_mutex_lock(&blmutex))
-			abort();
-		blacklist[addr] = time(NULL);
-		pthread_mutex_unlock(&blmutex);
-	}
-}

common/network/Blacklist.h

@@ -1,33 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __NETWORK_BLACKLIST_H__
-#define __NETWORK_BLACKLIST_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-unsigned char bl_isBlacklisted(const char *);
-void bl_addFailure(const char *);
-
-#ifdef __cplusplus
-} // extern C
-#endif
-
-#endif // __NETWORK_TCP_SOCKET_H__

common/network/CMakeLists.txt

@@ -2,11 +2,8 @@ include_directories(${CMAKE_SOURCE_DIR}/common ${CMAKE_SOURCE_DIR}/unix/kasmvncp
 
 set(NETWORK_SOURCES
   GetAPIMessager.cxx
-  Blacklist.cxx
   Socket.cxx
   TcpSocket.cxx
-  cJSON.c
-  jsonescape.c
   websocket.c
   websockify.c
   ${CMAKE_SOURCE_DIR}/unix/kasmvncpasswd/kasmpasswd.c)

common/network/GetAPI.h

@@ -21,7 +21,6 @@
 
 #include <kasmpasswd.h>
 #include <pthread.h>
-#include <network/GetAPIEnums.h>
 #include <rfb/PixelBuffer.h>
 #include <rfb/PixelFormat.h>
 #include <stdint.h>
@@ -53,21 +52,17 @@ namespace network {
     uint8_t *netGetScreenshot(uint16_t w, uint16_t h,
                               const uint8_t q, const bool dedup,
                               uint32_t &len, uint8_t *staging);
-    uint8_t netAddUser(const char name[], const char pw[],
-                       const bool read, const bool write, const bool owner);
+    uint8_t netAddUser(const char name[], const char pw[], const bool write);
     uint8_t netRemoveUser(const char name[]);
-    uint8_t netUpdateUser(const char name[], const uint64_t mask,
-                          const char password[],
-                          const bool read, const bool write, const bool owner);
-    uint8_t netAddOrUpdateUser(const struct kasmpasswd_entry_t *entry);
-    void netGetUsers(const char **ptr);
+    uint8_t netGiveControlTo(const char name[]);
     void netGetBottleneckStats(char *buf, uint32_t len);
     void netGetFrameStats(char *buf, uint32_t len);
-    void netResetFrameStatsCall();
     uint8_t netServerFrameStatsReady();
 
     enum USER_ACTION {
-      NONE,
+      //USER_ADD, - handled locally for interactivity
+      USER_REMOVE,
+      USER_GIVE_CONTROL,
       WANT_FRAME_STATS_SERVERONLY,
       WANT_FRAME_STATS_ALL,
       WANT_FRAME_STATS_OWNER,

common/network/GetAPIEnums.h

@@ -1,30 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __NETWORK_GET_API_ENUMS_H__
-#define __NETWORK_GET_API_ENUMS_H__
-
-// Enums that need accessibility from both C and C++.
-enum USER_UPDATE_MASK {
-	USER_UPDATE_WRITE_MASK = 1 << 0,
-	USER_UPDATE_OWNER_MASK = 1 << 1,
-	USER_UPDATE_PASSWORD_MASK = 1 << 2,
-	USER_UPDATE_READ_MASK = 1 << 3,
-};
-
-#endif

common/network/GetAPIMessager.cxx

@@ -20,9 +20,7 @@
 
 #include <inttypes.h>
 #include <network/GetAPI.h>
-#include <network/jsonescape.h>
 #include <rfb/ConnParams.h>
-#include <rfb/EncodeManager.h>
 #include <rfb/LogWriter.h>
 #include <rfb/JpegCompressor.h>
 #include <rfb/xxhash.h>
@@ -34,6 +32,10 @@ using namespace rfb;
 
 static LogWriter vlog("GetAPIMessager");
 
+PixelBuffer *progressiveBilinearScale(const PixelBuffer *pb,
+					const uint16_t tgtw, const uint16_t tgth,
+					const float tgtdiff);
+
 struct TightJPEGConfiguration {
     int quality;
     int subsampling;
@@ -264,9 +266,10 @@ uint8_t *GetAPIMessager::netGetScreenshot(uint16_t w, uint16_t h,
 	return ret;
 }
 
-uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
-					const bool read, const bool write,
-					const bool owner) {
+#define USERNAME_LEN sizeof(((struct kasmpasswd_entry_t *)0)->user)
+#define PASSWORD_LEN sizeof(((struct kasmpasswd_entry_t *)0)->password)
+
+uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[], const bool write) {
 	if (strlen(name) >= USERNAME_LEN) {
 		vlog.error("Username too long");
 		return 0;
@@ -280,17 +283,14 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
 	if (!passwdfile)
 		return 0;
 
-	uint8_t ret = 1;
-
 	action_data act;
 
 	memcpy(act.data.user, name, USERNAME_LEN);
 	act.data.user[USERNAME_LEN - 1] = '\0';
 	memcpy(act.data.password, pw, PASSWORD_LEN);
 	act.data.password[PASSWORD_LEN - 1] = '\0';
-	act.data.owner = owner;
+	act.data.owner = 0;
 	act.data.write = write;
-	act.data.read = read;
 
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
@@ -302,9 +302,8 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
         struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
         unsigned s;
         for (s = 0; s < set->num; s++) {
-          if (!strcmp(set->entries[s].user, name)) {
-            vlog.error("Can't create user %s, already exists", name);
-            ret = 0;
+          if (!strcmp(set->entries[s].user, act.data.user)) {
+            vlog.error("Can't create user %s, already exists", act.data.user);
             goto out;
           }
         }
@@ -315,14 +314,11 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
         set->entries[s] = act.data;
 
         writekasmpasswd(passwdfile, set);
-        vlog.info("User %s created", name);
+        vlog.info("User %s created", act.data.user);
 out:
 	pthread_mutex_unlock(&userMutex);
 
-	free(set->entries);
-	free(set);
-
-	return ret;
+	return 1;
 }
 
 uint8_t GetAPIMessager::netRemoveUser(const char name[]) {
@@ -331,189 +327,44 @@ uint8_t GetAPIMessager::netRemoveUser(const char name[]) {
 		return 0;
 	}
 
+	action_data act;
+	act.action = USER_REMOVE;
+
+	memcpy(act.data.user, name, USERNAME_LEN);
+	act.data.user[USERNAME_LEN - 1] = '\0';
+
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
 
-	struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
-	bool found = false;
-	unsigned s;
-	for (s = 0; s < set->num; s++) {
-		if (!strcmp(set->entries[s].user, name)) {
-			set->entries[s].user[0] = '\0';
-			found = true;
-			break;
-		}
-	}
-
-	if (found) {
-		writekasmpasswd(passwdfile, set);
-		vlog.info("User %s removed", name);
-	} else {
-		vlog.error("Tried to remove nonexistent user %s", name);
-
-		pthread_mutex_unlock(&userMutex);
-
-		free(set->entries);
-		free(set);
-
-		return 0;
-	}
+	actionQueue.push_back(act);
 
 	pthread_mutex_unlock(&userMutex);
 
-	free(set->entries);
-	free(set);
-
 	return 1;
 }
 
-uint8_t GetAPIMessager::netUpdateUser(const char name[], const uint64_t mask,
-	                              const char password[],
-	                              const bool read, const bool write, const bool owner) {
+uint8_t GetAPIMessager::netGiveControlTo(const char name[]) {
 	if (strlen(name) >= USERNAME_LEN) {
 		vlog.error("Username too long");
 		return 0;
 	}
 
-	if (strlen(password) >= PASSWORD_LEN) {
-		vlog.error("Password too long");
-		return 0;
-	}
+	action_data act;
+	act.action = USER_GIVE_CONTROL;
 
-	if (!mask) {
-		vlog.error("Update_user without any updates?");
-		return 0;
-	}
+	memcpy(act.data.user, name, USERNAME_LEN);
+	act.data.user[USERNAME_LEN - 1] = '\0';
 
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
 
-	struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
-	bool found = false;
-	unsigned s;
-	for (s = 0; s < set->num; s++) {
-		if (!strcmp(set->entries[s].user, name)) {
-			if (mask & USER_UPDATE_READ_MASK)
-				set->entries[s].read = read;
-			if (mask & USER_UPDATE_WRITE_MASK)
-				set->entries[s].write = write;
-			if (mask & USER_UPDATE_OWNER_MASK)
-				set->entries[s].owner = owner;
-
-			if (mask & USER_UPDATE_PASSWORD_MASK)
-				strcpy(set->entries[s].password, password);
-			found = true;
-			break;
-		}
-	}
-
-	if (found) {
-		writekasmpasswd(passwdfile, set);
-		vlog.info("User %s permissions updated", name);
-	} else {
-		vlog.error("Tried to update nonexistent user %s", name);
-
-		pthread_mutex_unlock(&userMutex);
-
-		free(set->entries);
-		free(set);
-
-		return 0;
-	}
+	actionQueue.push_back(act);
 
 	pthread_mutex_unlock(&userMutex);
 
-	free(set->entries);
-	free(set);
-
 	return 1;
 }
 
-uint8_t GetAPIMessager::netAddOrUpdateUser(const struct kasmpasswd_entry_t *entry) {
-
-	if (pthread_mutex_lock(&userMutex))
-		return 0;
-
-        struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
-        unsigned s;
-        bool updated = false;
-        for (s = 0; s < set->num; s++) {
-		if (!strcmp(set->entries[s].user, entry->user)) {
-			set->entries[s] = *entry;
-			updated = true;
-			vlog.info("User %s updated", entry->user);
-			break;
-		}
-        }
-
-	if (!updated) {
-	        s = set->num++;
-		set->entries = (struct kasmpasswd_entry_t *) realloc(set->entries,
-									set->num * sizeof(struct kasmpasswd_entry_t));
-		set->entries[s] = *entry;
-	        vlog.info("User %s created", entry->user);
-        }
-
-	writekasmpasswd(passwdfile, set);
-
-	pthread_mutex_unlock(&userMutex);
-
-	free(set->entries);
-	free(set);
-
-	return 1;
-
-}
-
-void GetAPIMessager::netGetUsers(const char **outptr) {
-/*
-[
-    { "user": "username", "write": true, "owner": true },
-    { "user": "username", "write": true, "owner": true }
-]
-*/
-	char *buf;
-	char escapeduser[USERNAME_LEN * 2];
-
-	if (pthread_mutex_lock(&userMutex)) {
-		*outptr = (char *) calloc(1, 1);
-		return;
-	}
-
-	struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
-
-	buf = (char *) calloc(set->num, 80);
-	FILE *f = fmemopen(buf, set->num * 80, "w");
-
-	fprintf(f, "[\n");
-
-	unsigned s;
-	for (s = 0; s < set->num; s++) {
-		JSON_escape(set->entries[s].user, escapeduser);
-
-		fprintf(f, "    { \"user\": \"%s\", \"read\": %s, \"write\": %s, \"owner\": %s }",
-			escapeduser,
-			set->entries[s].read ? "true" : "false",
-			set->entries[s].write ? "true" : "false",
-			set->entries[s].owner ? "true" : "false");
-
-		if (s == set->num - 1)
-			fprintf(f, "\n");
-		else
-			fprintf(f, ",\n");
-	}
-
-	free(set->entries);
-	free(set);
-
-	fprintf(f, "]\n");
-
-	fclose(f);
-
-	pthread_mutex_unlock(&userMutex);
-	*outptr = buf;
-}
-
 void GetAPIMessager::netGetBottleneckStats(char *buf, uint32_t len) {
 /*
 {
@@ -692,15 +543,6 @@ out:
 	pthread_mutex_unlock(&frameStatMutex);
 }
 
-void GetAPIMessager::netResetFrameStatsCall() {
-	if (pthread_mutex_lock(&frameStatMutex))
-		return;
-
-	serverFrameStats.inprogress = 0;
-
-	pthread_mutex_unlock(&frameStatMutex);
-}
-
 uint8_t GetAPIMessager::netRequestFrameStats(USER_ACTION what, const char *client) {
 	// Return 1 for success
 	action_data act;

common/network/TcpSocket.cxx

@@ -443,10 +443,10 @@ static uint8_t *screenshotCb(void *messager, uint16_t w, uint16_t h, const uint8
 }
 
 static uint8_t adduserCb(void *messager, const char name[], const char pw[],
-                          const uint8_t read, const uint8_t write, const uint8_t owner)
+                          const uint8_t write)
 {
   GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  return msgr->netAddUser(name, pw, read, write, owner);
+  return msgr->netAddUser(name, pw, write);
 }
 
 static uint8_t removeCb(void *messager, const char name[])
@@ -455,24 +455,10 @@ static uint8_t removeCb(void *messager, const char name[])
   return msgr->netRemoveUser(name);
 }
 
-static uint8_t updateUserCb(void *messager, const char name[], const uint64_t mask,
-                            const char password[],
-                            const uint8_t read, const uint8_t write, const uint8_t owner)
+static uint8_t givecontrolCb(void *messager, const char name[])
 {
   GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  return msgr->netUpdateUser(name, mask, password, read, write, owner);
-}
-
-static uint8_t addOrUpdateUserCb(void *messager, const struct kasmpasswd_entry_t *entry)
-{
-  GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  return msgr->netAddOrUpdateUser(entry);
-}
-
-static void getUsersCb(void *messager, const char **ptr)
-{
-  GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  msgr->netGetUsers(ptr);
+  return msgr->netGiveControlTo(name);
 }
 
 static void bottleneckStatsCb(void *messager, char *buf, uint32_t len)
@@ -487,12 +473,6 @@ static void frameStatsCb(void *messager, char *buf, uint32_t len)
   msgr->netGetFrameStats(buf, len);
 }
 
-static void resetFrameStatsCb(void *messager)
-{
-  GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  msgr->netResetFrameStatsCall();
-}
-
 static uint8_t requestFrameStatsNoneCb(void *messager)
 {
   GetAPIMessager *msgr = (GetAPIMessager *) messager;
@@ -633,12 +613,9 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
   settings.screenshotCb = screenshotCb;
   settings.adduserCb = adduserCb;
   settings.removeCb = removeCb;
-  settings.updateUserCb = updateUserCb;
-  settings.addOrUpdateUserCb = addOrUpdateUserCb;
-  settings.getUsersCb = getUsersCb;
+  settings.givecontrolCb = givecontrolCb;
   settings.bottleneckStatsCb = bottleneckStatsCb;
   settings.frameStatsCb = frameStatsCb;
-  settings.resetFrameStatsCb = resetFrameStatsCb;
 
   settings.requestFrameStatsNoneCb = requestFrameStatsNoneCb;
   settings.requestFrameStatsOwnerCb = requestFrameStatsOwnerCb;
@@ -931,8 +908,6 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
       freeaddrinfo(ai);
       throw;
     }
-
-    freeaddrinfo(ai);
   }
 }
 

common/network/cJSON.h

@@ -1,295 +0,0 @@
-/*
-  Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
-
-  Permission is hereby granted, free of charge, to any person obtaining a copy
-  of this software and associated documentation files (the "Software"), to deal
-  in the Software without restriction, including without limitation the rights
-  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-  copies of the Software, and to permit persons to whom the Software is
-  furnished to do so, subject to the following conditions:
-
-  The above copyright notice and this permission notice shall be included in
-  all copies or substantial portions of the Software.
-
-  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-  THE SOFTWARE.
-*/
-
-// 2fc55f6 from Jan 20, 2022
-
-#ifndef cJSON__h
-#define cJSON__h
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32))
-#define __WINDOWS__
-#endif
-
-#ifdef __WINDOWS__
-
-/* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention.  For windows you have 3 define options:
-
-CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols
-CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default)
-CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol
-
-For *nix builds that support visibility attribute, you can define similar behavior by
-
-setting default visibility to hidden by adding
--fvisibility=hidden (for gcc)
-or
--xldscope=hidden (for sun cc)
-to CFLAGS
-
-then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does
-
-*/
-
-#define CJSON_CDECL __cdecl
-#define CJSON_STDCALL __stdcall
-
-/* export symbols by default, this is necessary for copy pasting the C and header file */
-#if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS)
-#define CJSON_EXPORT_SYMBOLS
-#endif
-
-#if defined(CJSON_HIDE_SYMBOLS)
-#define CJSON_PUBLIC(type)   type CJSON_STDCALL
-#elif defined(CJSON_EXPORT_SYMBOLS)
-#define CJSON_PUBLIC(type)   __declspec(dllexport) type CJSON_STDCALL
-#elif defined(CJSON_IMPORT_SYMBOLS)
-#define CJSON_PUBLIC(type)   __declspec(dllimport) type CJSON_STDCALL
-#endif
-#else /* !__WINDOWS__ */
-#define CJSON_CDECL
-#define CJSON_STDCALL
-
-#if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY)
-#define CJSON_PUBLIC(type)   __attribute__((visibility("default"))) type
-#else
-#define CJSON_PUBLIC(type) type
-#endif
-#endif
-
-/* project version */
-#define CJSON_VERSION_MAJOR 1
-#define CJSON_VERSION_MINOR 7
-#define CJSON_VERSION_PATCH 15
-
-#include <stddef.h>
-
-/* cJSON Types: */
-#define cJSON_Invalid (0)
-#define cJSON_False  (1 << 0)
-#define cJSON_True   (1 << 1)
-#define cJSON_NULL   (1 << 2)
-#define cJSON_Number (1 << 3)
-#define cJSON_String (1 << 4)
-#define cJSON_Array  (1 << 5)
-#define cJSON_Object (1 << 6)
-#define cJSON_Raw    (1 << 7) /* raw json */
-
-#define cJSON_IsReference 256
-#define cJSON_StringIsConst 512
-
-/* The cJSON structure: */
-typedef struct cJSON
-{
-    /* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */
-    struct cJSON *next;
-    struct cJSON *prev;
-    /* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */
-    struct cJSON *child;
-
-    /* The type of the item, as above. */
-    int type;
-
-    /* The item's string, if type==cJSON_String  and type == cJSON_Raw */
-    char *valuestring;
-    /* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */
-    int valueint;
-    /* The item's number, if type==cJSON_Number */
-    double valuedouble;
-
-    /* The item's name string, if this item is the child of, or is in the list of subitems of an object. */
-    char *string;
-} cJSON;
-
-typedef struct cJSON_Hooks
-{
-      /* malloc/free are CDECL on Windows regardless of the default calling convention of the compiler, so ensure the hooks allow passing those functions directly. */
-      void *(CJSON_CDECL *malloc_fn)(size_t sz);
-      void (CJSON_CDECL *free_fn)(void *ptr);
-} cJSON_Hooks;
-
-typedef int cJSON_bool;
-
-/* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them.
- * This is to prevent stack overflows. */
-#ifndef CJSON_NESTING_LIMIT
-#define CJSON_NESTING_LIMIT 1000
-#endif
-
-/* returns the version of cJSON as a string */
-CJSON_PUBLIC(const char*) cJSON_Version(void);
-
-/* Supply malloc, realloc and free functions to cJSON */
-CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
-
-/* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
-/* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
-CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
-CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length);
-/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
-/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
-CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
-CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated);
-
-/* Render a cJSON entity to text for transfer/storage. */
-CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
-/* Render a cJSON entity to text for transfer/storage without any formatting. */
-CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item);
-/* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */
-CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt);
-/* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */
-/* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */
-CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format);
-/* Delete a cJSON entity and all subentities. */
-CJSON_PUBLIC(void) cJSON_Delete(cJSON *item);
-
-/* Returns the number of items in an array (or object). */
-CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array);
-/* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */
-CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index);
-/* Get item "string" from object. Case insensitive. */
-CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string);
-CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string);
-CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string);
-/* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */
-CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void);
-
-/* Check item type and return its value */
-CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item);
-CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item);
-
-/* These functions check the type of an item */
-CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item);
-CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item);
-
-/* These calls create a cJSON item of the appropriate type. */
-CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void);
-CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void);
-CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void);
-CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean);
-CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num);
-CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string);
-/* raw json */
-CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw);
-CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void);
-CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void);
-
-/* Create a string where valuestring references a string so
- * it will not be freed by cJSON_Delete */
-CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string);
-/* Create an object/array that only references it's elements so
- * they will not be freed by cJSON_Delete */
-CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child);
-CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child);
-
-/* These utilities create an Array of count items.
- * The parameter count cannot be greater than the number of elements in the number array, otherwise array access will be out of bounds.*/
-CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count);
-CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count);
-CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count);
-CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count);
-
-/* Append item to the specified array/object. */
-CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item);
-CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item);
-/* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object.
- * WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before
- * writing to `item->string` */
-CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item);
-/* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */
-CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item);
-CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item);
-
-/* Remove/Detach items from Arrays/Objects. */
-CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item);
-CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which);
-CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which);
-CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string);
-CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string);
-CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string);
-CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string);
-
-/* Update array items. */
-CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */
-CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement);
-CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem);
-CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem);
-CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem);
-
-/* Duplicate a cJSON item */
-CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse);
-/* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will
- * need to be released. With recurse!=0, it will duplicate any children connected to the item.
- * The item->next and ->prev pointers are always zero on return from Duplicate. */
-/* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal.
- * case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */
-CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
-
-/* Minify a strings, remove blank characters(such as ' ', '\t', '\r', '\n') from strings.
- * The input pointer json cannot point to a read-only address area, such as a string constant, 
- * but should point to a readable and writable address area. */
-CJSON_PUBLIC(void) cJSON_Minify(char *json);
-
-/* Helper functions for creating and adding items to an object at the same time.
- * They return the added item or NULL on failure. */
-CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name);
-CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name);
-CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name);
-CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean);
-CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number);
-CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string);
-CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw);
-CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name);
-CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name);
-
-/* When assigning an integer value, it needs to be propagated to valuedouble too. */
-#define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number))
-/* helper for the cJSON_SetNumberValue macro */
-CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number);
-#define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number))
-/* Change the valuestring of a cJSON_String object, only takes effect when type of object is cJSON_String */
-CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring);
-
-/* Macro for iterating over an array or object */
-#define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next)
-
-/* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */
-CJSON_PUBLIC(void *) cJSON_malloc(size_t size);
-CJSON_PUBLIC(void) cJSON_free(void *object);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

common/network/datelog.h

@@ -1,25 +0,0 @@
-/* Copyright (C) 2022 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef NETWORK_DATELOG_H
-#define NETWORK_DATELOG_H
-
-// 2022-05-18 19:51:26
-#define DATELOGFMT "%Y-%m-%d %H:%M:%S"
-
-#endif

common/network/jsonescape.c

@@ -1,179 +0,0 @@
-/* Copyright (C) 2022 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "jsonescape.h"
-#include "cJSON.h"
-
-void JSON_escape(const char *in, char *out) {
-	for (; *in; in++) {
-		if (in[0] == '\b') {
-			*out++ = '\\';
-			*out++ = 'b';
-		} else if (in[0] == '\f') {
-			*out++ = '\\';
-			*out++ = 'f';
-		} else if (in[0] == '\n') {
-			*out++ = '\\';
-			*out++ = 'n';
-		} else if (in[0] == '\r') {
-			*out++ = '\\';
-			*out++ = 'r';
-		} else if (in[0] == '\t') {
-			*out++ = '\\';
-			*out++ = 't';
-		} else if (in[0] == '"') {
-			*out++ = '\\';
-			*out++ = '"';
-		} else if (in[0] == '\\') {
-			*out++ = '\\';
-			*out++ = '\\';
-		} else {
-			*out++ = *in;
-		}
-	}
-
-	*out = '\0';
-}
-
-void JSON_unescape(const char *in, char *out) {
-	for (; *in; in++) {
-		if (in[0] == '\\' && in[1] == 'b') {
-			*out++ = '\b';
-			in++;
-		} else if (in[0] == '\\' && in[1] == 'f') {
-			*out++ = '\f';
-			in++;
-		} else if (in[0] == '\\' && in[1] == 'n') {
-			*out++ = '\n';
-			in++;
-		} else if (in[0] == '\\' && in[1] == 'r') {
-			*out++ = '\r';
-			in++;
-		} else if (in[0] == '\\' && in[1] == 't') {
-			*out++ = '\t';
-			in++;
-		} else if (in[0] == '\\' && in[1] == '"') {
-			*out++ = '"';
-			in++;
-		} else if (in[0] == '\\' && in[1] == '\\') {
-			*out++ = '\\';
-			in++;
-		} else {
-			*out++ = *in;
-		}
-	}
-
-	*out = '\0';
-}
-
-struct kasmpasswd_t *parseJsonUsers(const char *data) {
-
-	cJSON *json = cJSON_Parse(data);
-	if (!json)
-		return NULL;
-
-	if (!(json->type & cJSON_Array))
-		return NULL;
-
-	struct kasmpasswd_t *set = calloc(sizeof(struct kasmpasswd_t), 1);
-	set->num = cJSON_GetArraySize(json);
-	set->entries = calloc(sizeof(struct kasmpasswd_entry_t), set->num);
-
-	cJSON *cur;
-	unsigned s, len;
-	for (cur = json->child, s = 0; cur; cur = cur->next, s++) {
-		if (!(cur->type & cJSON_Object))
-			goto fail;
-
-		cJSON *e;
-		struct kasmpasswd_entry_t * const entry = &set->entries[s];
-
-		entry->user[0] = '\0';
-		entry->password[0] = '\0';
-		entry->write = entry->owner = 0;
-
-		for (e = cur->child; e; e = e->next) {
-			#define field(x) if (!strcmp(x, e->string))
-
-			field("user") {
-				if (!(e->type & cJSON_String))
-					goto fail;
-				len = strlen(e->valuestring);
-
-				//printf("Val '%.*s'\n", len, start);
-
-				if (len >= USERNAME_LEN)
-					goto fail;
-
-				memcpy(entry->user, e->valuestring, len);
-				entry->user[len] = '\0';
-			} else field("password") {
-				if (!(e->type & cJSON_String))
-					goto fail;
-				len = strlen(e->valuestring);
-
-				//printf("Val '%.*s'\n", len, start);
-
-				if (len >= PASSWORD_LEN)
-					goto fail;
-
-				memcpy(entry->password, e->valuestring, len);
-				entry->password[len] = '\0';
-			} else field("write") {
-				if (!(e->type & (cJSON_False | cJSON_True)))
-					goto fail;
-
-				if (e->type & cJSON_True)
-					entry->write = 1;
-			} else field("owner") {
-				if (!(e->type & (cJSON_False | cJSON_True)))
-					goto fail;
-
-				if (e->type & cJSON_True)
-					entry->owner = 1;
-			} else field("read") {
-				if (!(e->type & (cJSON_False | cJSON_True)))
-					goto fail;
-
-				if (e->type & cJSON_True)
-					entry->read = 1;
-
-			} else {
-				//printf("Unknown field '%.*s'\n", len, start);
-				goto fail;
-			}
-
-			#undef field
-		}
-	}
-
-	cJSON_Delete(json);
-
-	return set;
-fail:
-	free(set->entries);
-	free(set);
-
-	cJSON_Delete(json);
-
-	return NULL;
-}

common/network/jsonescape.h

@@ -1,38 +0,0 @@
-/* Copyright (C) 2022 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __NETWORK_JSON_ESCAPE_H__
-#define __NETWORK_JSON_ESCAPE_H__
-
-#include <kasmpasswd.h>
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void JSON_escape(const char *in, char *out);
-void JSON_unescape(const char *in, char *out);
-
-struct kasmpasswd_t *parseJsonUsers(const char *data);
-
-#ifdef __cplusplus
-} // extern C
-#endif
-
-#endif

common/network/websocket.h

@@ -1,7 +1,5 @@
 #include <openssl/ssl.h>
 #include <stdint.h>
-#include "GetAPIEnums.h"
-#include "datelog.h"
 
 #define BUFSIZE 65536
 #define DBUFSIZE (BUFSIZE * 3) / 4 - 20
@@ -67,8 +65,6 @@ struct wspass_t {
     char ip[64];
 };
 
-struct kasmpasswd_entry_t;
-
 typedef struct {
     int verbose;
     int listen_sock;
@@ -85,15 +81,11 @@ typedef struct {
                              const uint8_t dedup,
                              uint32_t *len, uint8_t *staging);
     uint8_t (*adduserCb)(void *messager, const char name[], const char pw[],
-                          const uint8_t read, const uint8_t write, const uint8_t owner);
+                          const uint8_t write);
     uint8_t (*removeCb)(void *messager, const char name[]);
-    uint8_t (*updateUserCb)(void *messager, const char name[], const uint64_t mask,
-                           const char password[],
-                           const uint8_t read, const uint8_t write, const uint8_t owner);
-    uint8_t (*addOrUpdateUserCb)(void *messager, const struct kasmpasswd_entry_t *entry);
+    uint8_t (*givecontrolCb)(void *messager, const char name[]);
     void (*bottleneckStatsCb)(void *messager, char *buf, uint32_t len);
     void (*frameStatsCb)(void *messager, char *buf, uint32_t len);
-    void (*resetFrameStatsCb)(void *messager);
 
     uint8_t (*requestFrameStatsNoneCb)(void *messager);
     uint8_t (*requestFrameStatsOwnerCb)(void *messager);
@@ -102,7 +94,6 @@ typedef struct {
 
     uint8_t (*ownerConnectedCb)(void *messager);
     uint8_t (*numActiveUsersCb)(void *messager);
-    void (*getUsersCb)(void *messager, const char **buf);
     uint8_t (*getClientFrameStatsNumCb)(void *messager);
     uint8_t (*serverFrameStatsReadyCb)(void *messager);
 } settings_t;
@@ -121,24 +112,18 @@ ssize_t ws_send(ws_ctx_t *ctx, const void *buf, size_t len);
 //int b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize);
 //int b64_pton(char const *src, u_char *target, size_t targsize);
 
-void wslog(char *logbuf, const unsigned websocket, const uint8_t debug);
-
 extern __thread unsigned wsthread_handler_id;
 
 #define gen_handler_msg(stream, ...) \
     if (settings.verbose) { \
-        char logbuf[2][1024]; \
-        wslog(logbuf[0], wsthread_handler_id, 1); \
-        sprintf(logbuf[1], __VA_ARGS__); \
-        fprintf(stream, "%s%s", logbuf[0], logbuf[1]); \
+        fprintf(stream, " websocket %d: ", wsthread_handler_id); \
+        fprintf(stream, __VA_ARGS__); \
     }
 
 #define wserr(...) \
     { \
-        char logbuf[2][1024]; \
-        wslog(logbuf[0], wsthread_handler_id, 0); \
-        sprintf(logbuf[1], __VA_ARGS__); \
-        fprintf(stderr, "%s%s", logbuf[0], logbuf[1]); \
+        fprintf(stderr, " websocket %d: ", wsthread_handler_id); \
+        fprintf(stderr, __VA_ARGS__); \
     }
 
 #define handler_msg(...) gen_handler_msg(stderr, __VA_ARGS__);

common/network/websockify.c

@@ -44,11 +44,11 @@ static void do_proxy(ws_ctx_t *ws_ctx, int target) {
     int maxfd, client = ws_ctx->sockfd;
     unsigned int opcode, left, ret;
     unsigned int tout_start, tout_end, cout_start, cout_end;
-    unsigned int tin_end;
+    unsigned int tin_start, tin_end;
     ssize_t len, bytes;
 
     tout_start = tout_end = cout_start = cout_end =
-    tin_end = 0;
+    tin_start = tin_end = 0;
     maxfd = client > target ? client+1 : target+1;
 
     while (1) {
@@ -165,7 +165,7 @@ static void do_proxy(ws_ctx_t *ws_ctx, int target) {
         }
 
         if (FD_ISSET(client, &rlist)) {
-            bytes = ws_recv(ws_ctx, ws_ctx->tin_buf + tin_end, BUFSIZE-1-tin_end);
+            bytes = ws_recv(ws_ctx, ws_ctx->tin_buf + tin_end, BUFSIZE-1);
             if (pipe_error) { break; }
             if (bytes <= 0) {
                 handler_emsg("client closed connection\n");
@@ -180,13 +180,13 @@ static void do_proxy(ws_ctx_t *ws_ctx, int target) {
             printf("\n");
             */
             if (ws_ctx->hybi) {
-                len = decode_hybi(ws_ctx->tin_buf,
-                                  tin_end,
+                len = decode_hybi(ws_ctx->tin_buf + tin_start,
+                                  tin_end-tin_start,
                                   ws_ctx->tout_buf, BUFSIZE-1,
                                   &opcode, &left);
             } else {
-                len = decode_hixie(ws_ctx->tin_buf,
-                                   tin_end,
+                len = decode_hixie(ws_ctx->tin_buf + tin_start,
+                                   tin_end-tin_start,
                                    ws_ctx->tout_buf, BUFSIZE-1,
                                    &opcode, &left);
             }
@@ -208,13 +208,10 @@ static void do_proxy(ws_ctx_t *ws_ctx, int target) {
                 break;
             }
             if (left) {
-                const unsigned tin_start = tin_end - left;
-                //handler_emsg("partial frame from client, %u left, start %u end %u, lens %lu %lu\n",
-                //             left, tin_start, tin_end, bytes, len);
-                memmove(ws_ctx->tin_buf, ws_ctx->tin_buf + tin_start, left);
-                tin_end = left;
+                tin_start = tin_end - left;
+                //printf("partial frame from client");
             } else {
-                //handler_emsg("handled %lu/%lu bytes\n", bytes, len);
+                tin_start = 0;
                 tin_end = 0;
             }
 

common/rfb/CMakeLists.txt

@@ -48,7 +48,6 @@ set(RFB_SOURCES
   Security.cxx
   SecurityServer.cxx
   SecurityClient.cxx
-  SelfBench.cxx
   SSecurityPlain.cxx
   SSecurityStack.cxx
   SSecurityVncAuth.cxx
@@ -64,7 +63,6 @@ set(RFB_SOURCES
   VNCServerST.cxx
   ZRLEEncoder.cxx
   ZRLEDecoder.cxx
-  cpuid.cxx
   encodings.cxx
   util.cxx
   xxhash.c)
@@ -98,27 +96,6 @@ if(GNUTLS_FOUND)
   )
 endif()
 
-# SSE2
-
-set(SSE2_SOURCES
-  scale_sse2.cxx)
-
-set(SCALE_DUMMY_SOURCES
-  scale_dummy.cxx)
-
-if(COMPILER_SUPPORTS_SSE2)
-  set_source_files_properties(${SSE2_SOURCES} PROPERTIES COMPILE_FLAGS ${COMPILE_FLAGS} -msse2)
-  set(RFB_SOURCES
-    ${RFB_SOURCES}
-    ${SSE2_SOURCES}
-  )
-else()
-  set(RFB_SOURCES
-    ${RFB_SOURCES}
-    ${SCALE_DUMMY_SOURCES}
-  )
-endif()
-
 add_library(rfb STATIC ${RFB_SOURCES})
 
 target_link_libraries(rfb ${RFB_LIBRARIES})

common/rfb/EncodeManager.cxx

@@ -22,12 +22,10 @@
 #include <omp.h>
 #include <stdlib.h>
 
-#include <rfb/cpuid.h>
 #include <rfb/EncCache.h>
 #include <rfb/EncodeManager.h>
 #include <rfb/Encoder.h>
 #include <rfb/Palette.h>
-#include <rfb/scale_sse2.h>
 #include <rfb/SConnection.h>
 #include <rfb/ServerCore.h>
 #include <rfb/SMsgWriter.h>
@@ -897,7 +895,7 @@ void EncodeManager::updateVideoStats(const std::vector<Rect> &rects, const Pixel
   }
 }
 
-PixelBuffer *rfb::nearestScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
+static PixelBuffer *nearestScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
                                  const float diff)
 {
   ManagedPixelBuffer *newpb = new ManagedPixelBuffer(pb->getPF(), w, h);
@@ -922,7 +920,7 @@ PixelBuffer *rfb::nearestScale(const PixelBuffer *pb, const uint16_t w, const ui
   return newpb;
 }
 
-PixelBuffer *rfb::bilinearScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
+static PixelBuffer *bilinearScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
                                  const float diff)
 {
   ManagedPixelBuffer *newpb = new ManagedPixelBuffer(pb->getPF(), w, h);
@@ -970,68 +968,10 @@ PixelBuffer *rfb::bilinearScale(const PixelBuffer *pb, const uint16_t w, const u
   return newpb;
 }
 
-PixelBuffer *rfb::progressiveBilinearScale(const PixelBuffer *pb,
+PixelBuffer *progressiveBilinearScale(const PixelBuffer *pb,
                                  const uint16_t tgtw, const uint16_t tgth,
                                  const float tgtdiff)
 {
-  if (supportsSSE2()) {
-    if (tgtdiff >= 0.5f) {
-      ManagedPixelBuffer *newpb = new ManagedPixelBuffer(pb->getPF(), tgtw, tgth);
-
-      int oldstride, newstride;
-      const rdr::U8 *oldpx = pb->getBuffer(pb->getRect(), &oldstride);
-      rdr::U8 *newpx = newpb->getBufferRW(newpb->getRect(), &newstride);
-
-      SSE2_scale(oldpx, tgtw, tgth, newpx, oldstride, newstride, tgtdiff);
-      return newpb;
-    }
-
-    PixelBuffer *newpb;
-    uint16_t neww, newh, oldw, oldh;
-    bool del = false;
-
-    do {
-      oldw = pb->getRect().width();
-      oldh = pb->getRect().height();
-      neww = oldw / 2;
-      newh = oldh / 2;
-
-      newpb = new ManagedPixelBuffer(pb->getPF(), neww, newh);
-
-      int oldstride, newstride;
-      const rdr::U8 *oldpx = pb->getBuffer(pb->getRect(), &oldstride);
-      rdr::U8 *newpx = ((ManagedPixelBuffer *) newpb)->getBufferRW(newpb->getRect(),
-                                                                   &newstride);
-
-      SSE2_halve(oldpx, neww, newh, newpx, oldstride, newstride);
-
-      if (del)
-        delete pb;
-      del = true;
-
-      pb = newpb;
-    } while (tgtw * 2 < neww);
-
-    // Final, non-halving step
-    if (tgtw != neww || tgth != newh) {
-      oldw = pb->getRect().width();
-      oldh = pb->getRect().height();
-
-      newpb = new ManagedPixelBuffer(pb->getPF(), tgtw, tgth);
-
-      int oldstride, newstride;
-      const rdr::U8 *oldpx = pb->getBuffer(pb->getRect(), &oldstride);
-      rdr::U8 *newpx = ((ManagedPixelBuffer *) newpb)->getBufferRW(newpb->getRect(),
-                                                                   &newstride);
-
-      SSE2_scale(oldpx, tgtw, tgth, newpx, oldstride, newstride, tgtw / (float) oldw);
-      if (del)
-        delete pb;
-    }
-
-    return newpb;
-  } // SSE2
-
   if (tgtdiff >= 0.5f)
     return bilinearScale(pb, tgtw, tgth, tgtdiff);
 

common/rfb/EncodeManager.h

@@ -215,13 +215,6 @@ namespace rfb {
       virtual rdr::U8* getBufferRW(const Rect& r, int* stride);
     };
   };
-
-  PixelBuffer *nearestScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
-                            const float diff);
-  PixelBuffer *bilinearScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
-                            const float diff);
-  PixelBuffer *progressiveBilinearScale(const PixelBuffer *pb, const uint16_t w, const uint16_t h,
-                            const float diff);
 }
 
 #endif

common/rfb/InputHandler.h

@@ -36,12 +36,9 @@ namespace rfb {
                           rdr::U32 __unused_attr keycode,
                           bool __unused_attr down) { }
     virtual void pointerEvent(const Point& __unused_attr pos,
-		              const Point& __unused_attr abspos,
 		              int __unused_attr buttonMask,
                               const bool __unused_attr skipClick,
-                              const bool __unused_attr skipRelease,
-                              int scrollX,
-                              int scrollY) { }
+                              const bool __unused_attr skipRelease) { }
     virtual void clientCutText(const char* __unused_attr str,
                                int __unused_attr len) { }
   };

common/rfb/Logger_file.cxx

@@ -20,14 +20,11 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include <sys/time.h>
 
 #include <os/Mutex.h>
 
-#include <network/datelog.h>
 #include <rfb/util.h>
 #include <rfb/Logger_file.h>
-#include <rfb/LogWriter.h>
 
 using namespace rfb;
 
@@ -58,28 +55,14 @@ void Logger_File::write(int level, const char *logname, const char *message)
     if (!m_file) return;
   }
 
-  struct timeval tv;
-  gettimeofday(&tv, NULL);
-
-  if (tv.tv_sec != m_lastLogTime) {
-    m_lastLogTime = tv.tv_sec;
+  time_t current = time(0);
+  if (current != m_lastLogTime) {
+    m_lastLogTime = current;
 //    fprintf(m_file, "\n%s", ctime(&m_lastLogTime));
   }
 
-  char timebuf[128];
-  struct tm local;
-  localtime_r(&tv.tv_sec, &local);
-  strftime(timebuf, sizeof(timebuf), DATELOGFMT, &local);
-
-  const unsigned msec = tv.tv_usec / 1000;
-  const char *levelname = "PRIO";
-  if (level >= LogWriter::LEVEL_INFO)
-    levelname = "INFO";
-  if (level >= LogWriter::LEVEL_DEBUG)
-    levelname = "DEBUG";
-
-  int column = fprintf(m_file, " %s,%03u [%s] %s:", timebuf, msec, levelname, logname);
-
+  fprintf(m_file," %s:", logname);
+  int column = strlen(logname) + 2;
   if (column < indent) {
     fprintf(m_file,"%*s",indent-column,"");
     column = indent;

common/rfb/SConnection.cxx

@@ -216,7 +216,7 @@ void SConnection::processSecurityMsg()
     bool done = ssecurity->processMsg(this);
     if (done) {
       state_ = RFBSTATE_QUERYING;
-      //setAccessRights(ssecurity->getAccessRights());
+      setAccessRights(ssecurity->getAccessRights());
       queryConnection(ssecurity->getUserName());
     }
   } catch (AuthFailureException& e) {
@@ -284,28 +284,74 @@ void SConnection::setEncodings(int nEncodings, const rdr::S32* encodings)
   }
 
   SMsgHandler::setEncodings(nEncodings, encodings);
+
+  if (cp.supportsExtendedClipboard) {
+    rdr::U32 sizes[] = { 0 };
+    writer()->writeClipboardCaps(rfb::clipboardUTF8 |
+                                 rfb::clipboardRequest |
+                                 rfb::clipboardPeek |
+                                 rfb::clipboardNotify |
+                                 rfb::clipboardProvide,
+                                 sizes);
+  }
 }
 
-void SConnection::clearBinaryClipboard()
+void SConnection::clientCutText(const char* str, int len)
 {
-  binaryClipboard.clear();
+  hasLocalClipboard = false;
+
+  strFree(clientClipboard);
+  clientClipboard = NULL;
+
+  clientClipboard = latin1ToUTF8(str);
+
+  handleClipboardAnnounce(true);
 }
 
-void SConnection::addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                     const rdr::U32 len, const rdr::U32 id)
+void SConnection::handleClipboardRequest(rdr::U32 flags)
 {
-  binaryClipboard_t bin;
-  strncpy(bin.mime, mime, sizeof(bin.mime));
-  bin.mime[sizeof(bin.mime) - 1] = '\0';
-
-  bin.data.resize(len);
-  memcpy(&bin.data[0], data, len);
-
-  bin.id = id;
-
-  binaryClipboard.push_back(bin);
+  if (!(flags & rfb::clipboardUTF8))
+    return;
+  if (!hasLocalClipboard)
+    return;
+  handleClipboardRequest();
 }
 
+void SConnection::handleClipboardPeek(rdr::U32 flags)
+{
+  if (!hasLocalClipboard)
+    return;
+  if (cp.clipboardFlags() & rfb::clipboardNotify)
+    writer()->writeClipboardNotify(rfb::clipboardUTF8);
+}
+
+void SConnection::handleClipboardNotify(rdr::U32 flags)
+{
+  strFree(clientClipboard);
+  clientClipboard = NULL;
+
+  if (flags & rfb::clipboardUTF8) {
+    handleClipboardAnnounce(true);
+    hasLocalClipboard = false;
+  } else {
+    handleClipboardAnnounce(false);
+  }
+}
+
+void SConnection::handleClipboardProvide(rdr::U32 flags,
+                                         const size_t* lengths,
+                                         const rdr::U8* const* data)
+{
+  if (!(flags & rfb::clipboardUTF8))
+    return;
+
+  strFree(clientClipboard);
+  clientClipboard = NULL;
+
+  clientClipboard = convertLF((const char*)data[0], lengths[0]);
+
+  handleClipboardData(clientClipboard, strlen(clientClipboard));
+}
 
 void SConnection::supportsQEMUKeyEvent()
 {
@@ -399,13 +445,56 @@ void SConnection::enableContinuousUpdates(bool enable,
 {
 }
 
+void SConnection::handleClipboardRequest()
+{
+}
+
 void SConnection::handleClipboardAnnounce(bool available)
 {
 }
 
+void SConnection::handleClipboardData(const char* data, int len)
+{
+}
+
+void SConnection::requestClipboard()
+{
+  if (clientClipboard != NULL) {
+    handleClipboardData(clientClipboard, strlen(clientClipboard));
+    return;
+  }
+
+  if (cp.supportsExtendedClipboard &&
+      (cp.clipboardFlags() & rfb::clipboardRequest))
+    writer()->writeClipboardRequest(rfb::clipboardUTF8);
+}
+
 void SConnection::announceClipboard(bool available)
 {
   hasLocalClipboard = available;
+
+  if (cp.supportsExtendedClipboard &&
+      (cp.clipboardFlags() & rfb::clipboardNotify))
+    writer()->writeClipboardNotify(available ? rfb::clipboardUTF8 : 0);
+  else {
+    if (available)
+      handleClipboardRequest();
+  }
+}
+
+void SConnection::sendClipboardData(const char* data, int len)
+{
+  if (cp.supportsExtendedClipboard &&
+      (cp.clipboardFlags() & rfb::clipboardProvide)) {
+    CharArray filtered(convertCRLF(data));
+    size_t sizes[1] = { strlen(filtered.buf) + 1 };
+    const rdr::U8* data[1] = { (const rdr::U8*)filtered.buf };
+    writer()->writeClipboardProvide(rfb::clipboardUTF8, sizes, data);
+  } else {
+    CharArray latin1(utf8ToLatin1(data));
+
+    writer()->writeServerCutText(latin1.buf, strlen(latin1.buf));
+  }
 }
 
 void SConnection::writeFakeColourMap(void)

common/rfb/SConnection.h

@@ -28,7 +28,6 @@
 #include <rdr/OutStream.h>
 #include <rfb/SMsgHandler.h>
 #include <rfb/SecurityServer.h>
-#include <vector>
 
 namespace rfb {
 
@@ -74,9 +73,14 @@ namespace rfb {
 
     virtual void setEncodings(int nEncodings, const rdr::S32* encodings);
 
-    virtual void clearBinaryClipboard();
-    virtual void addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                    const rdr::U32 len, const rdr::U32 id);
+    virtual void clientCutText(const char* str, int len);
+
+    virtual void handleClipboardRequest(rdr::U32 flags);
+    virtual void handleClipboardPeek(rdr::U32 flags);
+    virtual void handleClipboardNotify(rdr::U32 flags);
+    virtual void handleClipboardProvide(rdr::U32 flags,
+                                        const size_t* lengths,
+                                        const rdr::U8* const* data);
 
     virtual void supportsQEMUKeyEvent();
 
@@ -123,11 +127,25 @@ namespace rfb {
     virtual void enableContinuousUpdates(bool enable,
                                          int x, int y, int w, int h);
 
+    // handleClipboardRequest() is called whenever the client requests
+    // the server to send over its clipboard data. It will only be
+    // called after the server has first announced a clipboard change
+    // via announceClipboard().
+    virtual void handleClipboardRequest();
+
     // handleClipboardAnnounce() is called to indicate a change in the
     // clipboard on the client. Call requestClipboard() to access the
     // actual data.
     virtual void handleClipboardAnnounce(bool available);
 
+    // handleClipboardData() is called when the client has sent over
+    // the clipboard data as a result of a previous call to
+    // requestClipboard(). Note that this function might never be
+    // called if the clipboard data was no longer available when the
+    // client received the request.
+    virtual void handleClipboardData(const char* data, int len);
+
+
     virtual void add_changed_all() {}
 
     // setAccessRights() allows a security package to limit the access rights
@@ -144,14 +162,26 @@ namespace rfb {
     static const AccessRights AccessDefault;        // The default rights, INCLUDING FUTURE ONES
     static const AccessRights AccessNoQuery;        // Connect without local user accepting
     static const AccessRights AccessFull;           // All of the available AND FUTURE rights
+    virtual void setAccessRights(AccessRights ar) = 0;
 
     // Other methods
 
+    // requestClipboard() will result in a request to the client to
+    // transfer its clipboard data. A call to handleClipboardData()
+    // will be made once the data is available.
+    virtual void requestClipboard();
+
     // announceClipboard() informs the client of changes to the
     // clipboard on the server. The client may later request the
     // clipboard data via handleClipboardRequest().
     virtual void announceClipboard(bool available);
 
+    // sendClipboardData() transfers the clipboard data to the client
+    // and should be called whenever the client has requested the
+    // clipboard via handleClipboardRequest().
+    virtual void sendClipboardData(const char* data, int len);
+
+
     // authenticated() returns true if the client has authenticated
     // successfully.
     bool authenticated() { return (state_ == RFBSTATE_INITIALISATION ||
@@ -191,20 +221,12 @@ namespace rfb {
 
     rdr::S32 getPreferredEncoding() { return preferredEncoding; }
 
-    struct binaryClipboard_t {
-        char mime[32];
-        rdr::U32 id;
-        std::vector<unsigned char> data;
-    };
-
   protected:
     void setState(stateEnum s) { state_ = s; }
 
     void setReader(SMsgReader *r) { reader_ = r; }
     void setWriter(SMsgWriter *w) { writer_ = w; }
 
-    std::vector<binaryClipboard_t> binaryClipboard;
-
   private:
     void writeFakeColourMap(void);
 

common/rfb/SDesktop.h

@@ -78,13 +78,23 @@ namespace rfb {
     // the relevant RFB protocol messages from clients.
     // See InputHandler for method signatures.
 
+    // handleClipboardRequest() is called whenever a client requests
+    // the server to send over its clipboard data. It will only be
+    // called after the server has first announced a clipboard change
+    // via VNCServer::announceClipboard().
+    virtual void handleClipboardRequest() {}
+
     // handleClipboardAnnounce() is called to indicate a change in the
     // clipboard on a client. Call VNCServer::requestClipboard() to
     // access the actual data.
     virtual void handleClipboardAnnounce(bool __unused_attr available) {}
 
-    virtual void handleClipboardAnnounceBinary(const unsigned __unused_attr num,
-                                               const char __unused_attr mimes[][32]) {}
+    // handleClipboardData() is called when a client has sent over
+    // the clipboard data as a result of a previous call to
+    // VNCServer::requestClipboard(). Note that this function might
+    // never be called if the clipboard data was no longer available
+    // when the client received the request.
+    virtual void handleClipboardData(const char* __unused_attr data, int len __unused_attr) {}
 
   protected:
     virtual ~SDesktop() {}

common/rfb/SMsgHandler.cxx

@@ -64,16 +64,26 @@ void SMsgHandler::setEncodings(int nEncodings, const rdr::S32* encodings)
     supportsQEMUKeyEvent();
 }
 
-void SMsgHandler::handleClipboardAnnounceBinary(const unsigned, const char mimes[][32])
+void SMsgHandler::handleClipboardCaps(rdr::U32 flags, const rdr::U32* lengths)
+{
+  cp.setClipboardCaps(flags, lengths);
+}
+
+void SMsgHandler::handleClipboardRequest(rdr::U32 flags)
 {
 }
 
-void SMsgHandler::clearBinaryClipboard()
+void SMsgHandler::handleClipboardPeek(rdr::U32 flags)
 {
 }
 
-void SMsgHandler::addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                     const rdr::U32 len, const rdr::U32 id)
+void SMsgHandler::handleClipboardNotify(rdr::U32 flags)
+{
+}
+
+void SMsgHandler::handleClipboardProvide(rdr::U32 flags,
+                                         const size_t* lengths,
+                                         const rdr::U8* const* data)
 {
 }
 

common/rfb/SMsgHandler.h

@@ -54,10 +54,14 @@ namespace rfb {
     virtual void enableContinuousUpdates(bool enable,
                                          int x, int y, int w, int h) = 0;
 
-    virtual void handleClipboardAnnounceBinary(const unsigned num, const char mimes[][32]);
-    virtual void clearBinaryClipboard();
-    virtual void addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                    const rdr::U32 len, const rdr::U32 id);
+    virtual void handleClipboardCaps(rdr::U32 flags,
+                                     const rdr::U32* lengths);
+    virtual void handleClipboardRequest(rdr::U32 flags);
+    virtual void handleClipboardPeek(rdr::U32 flags);
+    virtual void handleClipboardNotify(rdr::U32 flags);
+    virtual void handleClipboardProvide(rdr::U32 flags,
+                                        const size_t* lengths,
+                                        const rdr::U8* const* data);
 
     virtual void sendStats(const bool toClient = true) = 0;
     virtual void handleFrameStats(rdr::U32 all, rdr::U32 render) = 0;

common/rfb/SMsgReader.cxx

@@ -35,6 +35,8 @@ using namespace rfb;
 
 static LogWriter vlog("SMsgReader");
 
+static IntParameter maxCutText("MaxCutText", "Maximum permitted length of an incoming clipboard update", 256*1024);
+
 SMsgReader::SMsgReader(SMsgHandler* handler_, rdr::InStream* is_)
   : handler(handler_), is(is_)
 {
@@ -81,9 +83,6 @@ void SMsgReader::readMsg()
   case msgTypeFrameStats:
     readFrameStats();
     break;
-  case msgTypeBinaryClipboard:
-    readBinaryClipboard();
-    break;
   case msgTypeKeyEvent:
     readKeyEvent();
     break;
@@ -224,10 +223,7 @@ void SMsgReader::readPointerEvent()
   int mask = is->readU8();
   int x = is->readU16();
   int y = is->readU16();
-  int scrollX = is->readS16();
-  int scrollY = is->readS16();
-  
-  handler->pointerEvent(Point(x, y), Point(0, 0), mask, false, false, scrollX, scrollY);
+  handler->pointerEvent(Point(x, y), mask, false, false);
 }
 
 
@@ -242,54 +238,109 @@ void SMsgReader::readClientCutText()
     readExtendedClipboard(slen);
     return;
   }
-  is->skip(len);
-  vlog.error("Client sent old cuttext msg, ignoring");
-}
-
-void SMsgReader::readBinaryClipboard()
-{
-  const rdr::U8 num = is->readU8();
-  rdr::U8 i, valid = 0;
-  char tmpmimes[num][32];
-
-  handler->clearBinaryClipboard();
-  for (i = 0; i < num; i++) {
-    const rdr::U8 mimelen = is->readU8();
-    if (mimelen > 32 - 1) {
-      vlog.error("Mime too long (%u)", mimelen);
-    }
-
-    char mime[mimelen + 1];
-    mime[mimelen] = '\0';
-    is->readBytes(mime, mimelen);
-
-    strncpy(tmpmimes[valid], mime, 32);
-    tmpmimes[valid][31] = '\0';
-
-    const rdr::U32 len = is->readU32();
-    CharArray ca(len);
-    is->readBytes(ca.buf, len);
-
-    if (rfb::Server::DLP_ClipAcceptMax && len > (unsigned) rfb::Server::DLP_ClipAcceptMax) {
-      vlog.info("DLP: refused to receive binary clipboard, too large");
-      continue;
-    }
-
-    vlog.debug("Received binary clipboard, type %s, %u bytes", mime, len);
-
-    handler->addBinaryClipboard(mime, (rdr::U8 *) ca.buf, len, 0);
-    valid++;
+  if (len > (size_t)maxCutText) {
+    is->skip(len);
+    vlog.error("Cut text too long (%d bytes) - ignoring", len);
+    return;
   }
-
-  handler->handleClipboardAnnounceBinary(valid, tmpmimes);
+  CharArray ca(len+1);
+  ca.buf[len] = 0;
+  is->readBytes(ca.buf, len);
+  handler->clientCutText(ca.buf, len);
 }
 
 void SMsgReader::readExtendedClipboard(rdr::S32 len)
 {
+  rdr::U32 flags;
+  rdr::U32 action;
+
   if (len < 4)
     throw Exception("Invalid extended clipboard message");
-  vlog.error("Client sent old cuttext msg, ignoring");
-  is->skip(len);
+  if (len > maxCutText) {
+    vlog.error("Extended clipboard message too long (%d bytes) - ignoring", len);
+    is->skip(len);
+    return;
+  }
+
+  flags = is->readU32();
+  action = flags & clipboardActionMask;
+
+  if (action & clipboardCaps) {
+    int i;
+    size_t num;
+    rdr::U32 lengths[16];
+
+    num = 0;
+    for (i = 0;i < 16;i++) {
+      if (flags & (1 << i))
+        num++;
+    }
+
+    if (len < (rdr::S32)(4 + 4*num))
+      throw Exception("Invalid extended clipboard message");
+
+    num = 0;
+    for (i = 0;i < 16;i++) {
+      if (flags & (1 << i))
+        lengths[num++] = is->readU32();
+    }
+
+    handler->handleClipboardCaps(flags, lengths);
+  } else if (action == clipboardProvide) {
+    rdr::ZlibInStream zis;
+
+    int i;
+    size_t num;
+    size_t lengths[16];
+    rdr::U8* buffers[16];
+
+    zis.setUnderlying(is, len - 4);
+
+    num = 0;
+    for (i = 0;i < 16;i++) {
+      if (!(flags & 1 << i))
+        continue;
+
+      lengths[num] = zis.readU32();
+      if (lengths[num] > (size_t)maxCutText) {
+        vlog.error("Extended clipboard data too long (%d bytes) - ignoring",
+                   (unsigned)lengths[num]);
+        zis.skip(lengths[num]);
+        flags &= ~(1 << i);
+        continue;
+      }
+
+      buffers[num] = new rdr::U8[lengths[num]];
+      zis.readBytes(buffers[num], lengths[num]);
+      num++;
+    }
+
+    zis.flushUnderlying();
+    zis.setUnderlying(NULL, 0);
+
+    handler->handleClipboardProvide(flags, lengths, buffers);
+
+    num = 0;
+    for (i = 0;i < 16;i++) {
+      if (!(flags & 1 << i))
+        continue;
+      delete [] buffers[num++];
+    }
+  } else {
+    switch (action) {
+    case clipboardRequest:
+      handler->handleClipboardRequest(flags);
+      break;
+    case clipboardPeek:
+      handler->handleClipboardPeek(flags);
+      break;
+    case clipboardNotify:
+      handler->handleClipboardNotify(flags);
+      break;
+    default:
+      throw Exception("Invalid extended clipboard action");
+    }
+  }
 }
 
 void SMsgReader::readRequestStats()

common/rfb/SMsgReader.h

@@ -58,7 +58,6 @@ namespace rfb {
     void readExtendedClipboard(rdr::S32 len);
     void readRequestStats();
     void readFrameStats();
-    void readBinaryClipboard();
 
     void readQEMUMessage();
     void readQEMUKeyEvent();

common/rfb/SMsgWriter.cxx

@@ -85,24 +85,118 @@ void SMsgWriter::writeBell()
   endMsg();
 }
 
-void SMsgWriter::writeBinaryClipboard(const std::vector<SConnection::binaryClipboard_t> &b)
+void SMsgWriter::writeServerCutText(const char* str, int len)
 {
-  startMsg(msgTypeBinaryClipboard);
+  startMsg(msgTypeServerCutText);
+  os->pad(3);
+  os->writeU32(len);
+  os->writeBytes(str, len);
+  endMsg();
+}
 
-  os->writeU8(b.size());
-  rdr::U8 i;
-  for (i = 0; i < b.size(); i++) {
-    const rdr::U32 id = b[i].id;
-    os->writeU32(id);
+void SMsgWriter::writeClipboardCaps(rdr::U32 caps,
+                                    const rdr::U32* lengths)
+{
+  size_t i, count;
 
-    const rdr::U8 mimelen = strlen(b[i].mime);
-    os->writeU8(mimelen);
-    os->writeBytes(b[i].mime, mimelen);
+  if (!cp->supportsExtendedClipboard)
+    throw Exception("Client does not support extended clipboard");
 
-    os->writeU32(b[i].data.size());
-    os->writeBytes(&b[i].data[0], b[i].data.size());
+  count = 0;
+  for (i = 0;i < 16;i++) {
+    if (caps & (1 << i))
+      count++;
   }
 
+  startMsg(msgTypeServerCutText);
+  os->pad(3);
+  os->writeS32(-(4 + 4 * count));
+
+  os->writeU32(caps | clipboardCaps);
+
+  count = 0;
+  for (i = 0;i < 16;i++) {
+    if (caps & (1 << i))
+      os->writeU32(lengths[count++]);
+  }
+
+  endMsg();
+}
+
+void SMsgWriter::writeClipboardRequest(rdr::U32 flags)
+{
+  if (!cp->supportsExtendedClipboard)
+    throw Exception("Client does not support extended clipboard");
+  if (!(cp->clipboardFlags() & clipboardRequest))
+    throw Exception("Client does not support clipboard \"request\" action");
+
+  startMsg(msgTypeServerCutText);
+  os->pad(3);
+  os->writeS32(-4);
+  os->writeU32(flags | clipboardRequest);
+  endMsg();
+}
+
+void SMsgWriter::writeClipboardPeek(rdr::U32 flags)
+{
+  if (!cp->supportsExtendedClipboard)
+    throw Exception("Client does not support extended clipboard");
+  if (!(cp->clipboardFlags() & clipboardPeek))
+    throw Exception("Client does not support clipboard \"peek\" action");
+
+  startMsg(msgTypeServerCutText);
+  os->pad(3);
+  os->writeS32(-4);
+  os->writeU32(flags | clipboardPeek);
+  endMsg();
+}
+
+void SMsgWriter::writeClipboardNotify(rdr::U32 flags)
+{
+  if (!cp->supportsExtendedClipboard)
+    throw Exception("Client does not support extended clipboard");
+  if (!(cp->clipboardFlags() & clipboardNotify))
+    throw Exception("Client does not support clipboard \"notify\" action");
+
+  startMsg(msgTypeServerCutText);
+  os->pad(3);
+  os->writeS32(-4);
+  os->writeU32(flags | clipboardNotify);
+  endMsg();
+}
+
+void SMsgWriter::writeClipboardProvide(rdr::U32 flags,
+                                      const size_t* lengths,
+                                      const rdr::U8* const* data)
+{
+  rdr::MemOutStream mos;
+  rdr::ZlibOutStream zos;
+
+  int i, count;
+
+  if (!cp->supportsExtendedClipboard)
+    throw Exception("Client does not support extended clipboard");
+  if (!(cp->clipboardFlags() & clipboardProvide))
+    throw Exception("Client does not support clipboard \"provide\" action");
+
+  zos.setUnderlying(&mos);
+
+  count = 0;
+  for (i = 0;i < 16;i++) {
+    if (!(flags & (1 << i)))
+      continue;
+    zos.writeU32(lengths[count]);
+    zos.writeBytes(data[count], lengths[count]);
+    count++;
+  }
+
+  zos.flush();
+
+  startMsg(msgTypeServerCutText);
+  os->pad(3);
+  os->writeS32(-(4 + mos.length()));
+  os->writeU32(flags | clipboardProvide);
+  os->writeBytes(mos.data(), mos.length());
   endMsg();
 }
 

common/rfb/SMsgWriter.h

@@ -26,8 +26,6 @@
 #include <rdr/types.h>
 #include <rfb/encodings.h>
 #include <rfb/ScreenSet.h>
-#include <rfb/SConnection.h>
-#include <vector>
 
 namespace rdr { class OutStream; }
 
@@ -56,8 +54,14 @@ namespace rfb {
 
     // writeBell() and writeServerCutText() do the obvious thing.
     void writeBell();
+    void writeServerCutText(const char* str, int len);
 
-    void writeBinaryClipboard(const std::vector<SConnection::binaryClipboard_t> &b);
+    void writeClipboardCaps(rdr::U32 caps, const rdr::U32* lengths);
+    void writeClipboardRequest(rdr::U32 flags);
+    void writeClipboardPeek(rdr::U32 flags);
+    void writeClipboardNotify(rdr::U32 flags);
+    void writeClipboardProvide(rdr::U32 flags, const size_t* lengths,
+                               const rdr::U8* const* data);
 
     void writeStats(const char* str, int len);
 

common/rfb/SelfBench.cxx

@@ -1,197 +0,0 @@
-/* Copyright (C) 2021 Kasm Web
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#include <rfb/ComparingUpdateTracker.h>
-#include <rfb/EncodeManager.h>
-#include <rfb/LogWriter.h>
-#include <rfb/SConnection.h>
-#include <rfb/ServerCore.h>
-#include <rfb/PixelBuffer.h>
-#include <rfb/TightJPEGEncoder.h>
-#include <rfb/TightWEBPEncoder.h>
-#include <rfb/util.h>
-#include <sys/time.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-using namespace rfb;
-static LogWriter vlog("SelfBench");
-
-static const PixelFormat pfRGBX(32, 24, false, true, 255, 255, 255, 0, 8, 16);
-
-#define RUNS 64
-
-#define W 1600
-#define H 1200
-
-void SelfBench() {
-
-	unsigned i, runs;
-	struct timeval start;
-
-	ManagedPixelBuffer f1(pfRGBX, W, H);
-	ManagedPixelBuffer f2(pfRGBX, W, H);
-	ManagedPixelBuffer screen(pfRGBX, W, H);
-
-	int stride;
-	rdr::U8 *f1ptr = f1.getBufferRW(f1.getRect(), &stride);
-	rdr::U8 *f2ptr = f2.getBufferRW(f2.getRect(), &stride);
-	rdr::U8 * const screenptr = screen.getBufferRW(screen.getRect(), &stride);
-
-	rdr::U8 * const f1orig = f1ptr;
-	rdr::U8 * const f2orig = f2ptr;
-
-	for (i = 0; i < W * H * 4; i += 4) {
-		f1ptr[0] = rand();
-		f1ptr[1] = rand();
-		f1ptr[2] = rand();
-
-		f2ptr[0] = rand();
-		f2ptr[1] = rand();
-		f2ptr[2] = rand();
-
-		f1ptr += 4;
-		f2ptr += 4;
-	}
-
-	vlog.info("Running micro-benchmarks (single-threaded, runs depending on task)");
-
-	// Encoding
-	std::vector<uint8_t> vec;
-
-	TightJPEGEncoder jpeg(NULL);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		jpeg.compressOnly(&f1, 8, vec, false);
-	}
-	vlog.info("Jpeg compression at quality 8 took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		jpeg.compressOnly(&f1, 4, vec, false);
-	}
-	vlog.info("Jpeg compression at quality 4 took %u ms (%u runs)", msSince(&start), runs);
-
-
-	TightWEBPEncoder webp(NULL);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS / 8;
-	for (i = 0; i < runs; i++) {
-		webp.compressOnly(&f1, 8, vec, false);
-	}
-	vlog.info("Webp compression at quality 8 took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS / 4;
-	for (i = 0; i < runs; i++) {
-		webp.compressOnly(&f1, 4, vec, false);
-	}
-	vlog.info("Webp compression at quality 4 took %u ms (%u runs)", msSince(&start), runs);
-
-	// Scaling
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		PixelBuffer *pb = nearestScale(&f1, W * 0.8, H * 0.8, 0.8);
-		delete pb;
-	}
-	vlog.info("Nearest scaling to 80%% took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		PixelBuffer *pb = nearestScale(&f1, W * 0.4, H * 0.4, 0.4);
-		delete pb;
-	}
-	vlog.info("Nearest scaling to 40%% took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		PixelBuffer *pb = bilinearScale(&f1, W * 0.8, H * 0.8, 0.8);
-		delete pb;
-	}
-	vlog.info("Bilinear scaling to 80%% took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		PixelBuffer *pb = bilinearScale(&f1, W * 0.4, H * 0.4, 0.4);
-		delete pb;
-	}
-	vlog.info("Bilinear scaling to 40%% took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		PixelBuffer *pb = progressiveBilinearScale(&f1, W * 0.8, H * 0.8, 0.8);
-		delete pb;
-	}
-	vlog.info("Progressive bilinear scaling to 80%% took %u ms (%u runs)", msSince(&start), runs);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		PixelBuffer *pb = progressiveBilinearScale(&f1, W * 0.4, H * 0.4, 0.4);
-		delete pb;
-	}
-	vlog.info("Progressive bilinear scaling to 40%% took %u ms (%u runs)", msSince(&start), runs);
-
-	// Analysis
-	ComparingUpdateTracker *comparer = new ComparingUpdateTracker(&screen);
-	Region cursorReg;
-
-	Server::detectScrolling.setParam(false);
-	Server::detectHorizontal.setParam(false);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		memcpy(screenptr, i % 2 ? f1orig : f2orig, W * H * 4);
-		comparer->compare(true, cursorReg);
-	}
-	vlog.info("Analysis took %u ms (%u runs) (incl. memcpy overhead)", msSince(&start), runs);
-
-	Server::detectScrolling.setParam(true);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS;
-	for (i = 0; i < runs; i++) {
-		memcpy(screenptr, i % 2 ? f1orig : f2orig, W * H * 4);
-		comparer->compare(false, cursorReg);
-	}
-	vlog.info("Analysis w/ scroll detection took %u ms (%u runs) (incl. memcpy overhead)", msSince(&start), runs);
-
-	Server::detectHorizontal.setParam(true);
-	delete comparer;
-	comparer = new ComparingUpdateTracker(&screen);
-
-	gettimeofday(&start, NULL);
-	runs = RUNS / 2;
-	for (i = 0; i < runs; i++) {
-		memcpy(screenptr, i % 2 ? f1orig : f2orig, W * H * 4);
-		comparer->compare(false, cursorReg);
-	}
-	vlog.info("Analysis w/ horizontal scroll detection took %u ms (%u runs) (incl. memcpy overhead)", msSince(&start), runs);
-
-	exit(0);
-}

common/rfb/ServerCore.cxx

@@ -113,10 +113,6 @@ rfb::BoolParameter rfb::Server::ignoreClientSettingsKasm
 ("IgnoreClientSettingsKasm",
  "Ignore the additional client settings exposed in Kasm.",
  false);
-rfb::BoolParameter rfb::Server::selfBench
-("SelfBench",
- "Run self-benchmarks and exit.",
- false);
 rfb::IntParameter rfb::Server::dynamicQualityMin
 ("DynamicQualityMin",
  "The minimum dynamic JPEG quality, 0 = low, 9 = high",
@@ -149,15 +145,15 @@ rfb::IntParameter rfb::Server::webpVideoQuality
 rfb::IntParameter rfb::Server::DLP_ClipSendMax
 ("DLP_ClipSendMax",
  "Limit clipboard bytes to send to clients in one transaction",
- 0, 0, INT_MAX);
+ 10000, 0, INT_MAX);
 rfb::IntParameter rfb::Server::DLP_ClipAcceptMax
 ("DLP_ClipAcceptMax",
  "Limit clipboard bytes to receive from clients in one transaction",
- 0, 0, INT_MAX);
+ 10000, 0, INT_MAX);
 rfb::IntParameter rfb::Server::DLP_ClipDelay
 ("DLP_ClipDelay",
  "This many milliseconds must pass between clipboard actions",
- 0, 0, INT_MAX);
+ 1000, 0, INT_MAX);
 rfb::IntParameter rfb::Server::DLP_KeyRateLimit
 ("DLP_KeyRateLimit",
  "Reject keyboard presses over this many per second",
@@ -171,10 +167,6 @@ rfb::StringParameter rfb::Server::DLP_Region
 ("DLP_Region",
  "Black out anything outside this region",
  "");
-rfb::StringParameter rfb::Server::DLP_Clip_Types
-("DLP_ClipTypes",
- "Allowed binary clipboard mimetypes",
- "text/html,image/png");
 
 rfb::BoolParameter rfb::Server::DLP_RegionAllowClick
 ("DLP_RegionAllowClick",
@@ -226,4 +218,4 @@ static void bandwidthPreset() {
 rfb::PresetParameter rfb::Server::preferBandwidth
 ("PreferBandwidth",
  "Set various options for lower bandwidth use. The default is off, aka to prefer quality.",
- false, bandwidthPreset);
+ false, bandwidthPreset);

common/rfb/ServerCore.h

@@ -50,7 +50,6 @@ namespace rfb {
     static IntParameter DLP_KeyRateLimit;
     static StringParameter DLP_ClipLog;
     static StringParameter DLP_Region;
-    static StringParameter DLP_Clip_Types;
     static BoolParameter DLP_RegionAllowClick;
     static BoolParameter DLP_RegionAllowRelease;
     static IntParameter jpegVideoQuality;
@@ -75,8 +74,8 @@ namespace rfb {
     static BoolParameter detectScrolling;
     static BoolParameter detectHorizontal;
     static BoolParameter ignoreClientSettingsKasm;
-    static BoolParameter selfBench;
     static PresetParameter preferBandwidth;
+
   };
 
 };

common/rfb/TightWEBPEncoder.cxx

@@ -71,12 +71,12 @@ static const struct TightWEBPConfiguration conf[10] = {
   {  24, 0 }, // 1
   {  30, 0 }, // 2
   {  37, 0 }, // 3
-  {  42, 0 }, // 4
-  {  65, 0 }, // 5
-  {  78, 0 }, // 6
-  {  85, 0 }, // 7
-  {  88, 0 }, // 8
-  { 100, 0 }  // 9
+  {  42, 1 }, // 4
+  {  65, 1 }, // 5
+  {  78, 1 }, // 6
+  {  85, 2 }, // 7
+  {  88, 3 }, // 8
+  { 100, 4 }  // 9
 };
 
 
@@ -143,7 +143,7 @@ void TightWEBPEncoder::compressOnly(const PixelBuffer* pb, const uint8_t quality
     method = conf[qualityIn].method;
   } else {
     quality = 8;
-    method = 0;
+    method = 4;
   }
 
   WebPConfigInit(&cfg);
@@ -214,7 +214,7 @@ void TightWEBPEncoder::writeRect(const PixelBuffer* pb, const Palette& palette)
     method = conf[qualityLevel].method;
   } else {
     quality = 8;
-    method = 0;
+    method = 4;
   }
 
   WebPConfigInit(&cfg);
@@ -265,7 +265,7 @@ rdr::U32 TightWEBPEncoder::benchmark() const
   rdr::U8* buffer;
   struct timeval start;
   int stride, i;
-  const uint8_t quality = 8, method = 2;
+  const uint8_t quality = 8, method = 4;
   WebPConfig cfg;
   WebPPicture pic;
   WebPMemoryWriter wrt;

common/rfb/VNCSConnectionST.cxx

@@ -57,8 +57,7 @@ VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
     inProcessMessages(false),
     pendingSyncFence(false), syncFence(false), fenceFlags(0),
     fenceDataLen(0), fenceData(NULL), congestionTimer(this),
-    losslessTimer(this), kbdLogTimer(this), binclipTimer(this),
-    server(server_), updates(false),
+    losslessTimer(this), kbdLogTimer(this), server(server_), updates(false),
     updateRenderedCursor(false), removeRenderedCursor(false),
     continuousUpdates(false), encodeManager(this, &server_->encCache),
     needsPermCheck(false), pointerEventTime(0),
@@ -87,16 +86,10 @@ VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
     user[at - peerEndpoint.buf] = '\0';
   }
 
-  bool read, write, owner;
-  if (!getPerms(read, write, owner)) {
-    accessRights &= ~(WRITER_PERMS | AccessView);
-  }
-  if (!write) {
+  bool write, owner;
+  if (!getPerms(write, owner) || !write) {
     accessRights &= ~WRITER_PERMS;
   }
-  if (!read) {
-    accessRights &= ~AccessView;
-  }
 
   // Configure the socket
   setSocketTimeouts();
@@ -367,18 +360,17 @@ char *percentEncode4(const uint16_t *str, const unsigned len) {
 }
 
 static void cliplog(const char *str, const int len, const int origlen,
-                    const char *dir, const char *client, const unsigned id) {
+                    const char *dir, const char *client) {
   if (Server::DLP_ClipLog[0] == 'o')
     return;
   if (Server::DLP_ClipLog[0] == 'i') {
-    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes, id %u", client, dir,
-              len, origlen, id);
+    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes", client, dir, len, origlen);
   } else {
     // URL-encode it
     char *enc = percentEncode(str, len);
 
-    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes, id %u: '%s'",
-              client, dir, len, origlen, id, enc);
+    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes: '%s'",
+              client, dir, len, origlen, enc);
     free(enc);
   }
 }
@@ -421,6 +413,18 @@ static void keylog(unsigned keysym, const char *client) {
     flushKeylog(client);
 }
 
+void VNCSConnectionST::requestClipboardOrClose()
+{
+  try {
+    if (!(accessRights & AccessCutText)) return;
+    if (!rfb::Server::acceptCutText) return;
+    if (state() != RFBSTATE_NORMAL) return;
+    requestClipboard();
+  } catch(rdr::Exception& e) {
+    close(e.str());
+  }
+}
+
 void VNCSConnectionST::announceClipboardOrClose(bool available)
 {
   try {
@@ -433,53 +437,29 @@ void VNCSConnectionST::announceClipboardOrClose(bool available)
   }
 }
 
-void VNCSConnectionST::clearBinaryClipboardData()
-{
-  clearBinaryClipboard();
-}
-
-void VNCSConnectionST::sendBinaryClipboardDataOrClose(const char* mime,
-                                                      const unsigned char *data,
-                                                      const unsigned len,
-                                                      const unsigned id)
+void VNCSConnectionST::sendClipboardDataOrClose(const char* data)
 {
   try {
     if (!(accessRights & AccessCutText)) return;
     if (!rfb::Server::sendCutText) return;
-    if (rfb::Server::DLP_ClipSendMax && len > (unsigned) rfb::Server::DLP_ClipSendMax) {
-      vlog.info("DLP: client %s: refused to send binary clipboard, too large",
+    if (msSince(&lastClipboardOp) < (unsigned) rfb::Server::DLP_ClipDelay) {
+      vlog.info("DLP: client %s: refused to send clipboard, too soon",
                 sock->getPeerAddress());
       return;
     }
-
-    cliplog((const char *) data, len, len, "sent", sock->getPeerAddress(),
-            id);
+    int len = strlen(data);
+    const int origlen = len;
+    if (rfb::Server::DLP_ClipSendMax && len > rfb::Server::DLP_ClipSendMax)
+      len = rfb::Server::DLP_ClipSendMax;
+    cliplog(data, len, origlen, "sent", sock->getPeerAddress());
     if (state() != RFBSTATE_NORMAL) return;
-
-    addBinaryClipboard(mime, data, len, id);
-    binclipTimer.start(100);
+    sendClipboardData(data, len);
+    gettimeofday(&lastClipboardOp, NULL);
   } catch(rdr::Exception& e) {
     close(e.str());
   }
 }
 
-void VNCSConnectionST::getBinaryClipboardData(const char* mime, const unsigned char **data,
-                                              unsigned *len)
-{
-  unsigned i;
-  for (i = 0; i < binaryClipboard.size(); i++) {
-    if (!strcmp(binaryClipboard[i].mime, mime)) {
-      *data = &binaryClipboard[i].data[0];
-      *len = binaryClipboard[i].data.size();
-      return;
-    }
-  }
-
-  vlog.error("Binary clipboard data for mime %s not found", mime);
-  *data = (const unsigned char *) "";
-  *len = 1;
-}
-
 void VNCSConnectionST::setDesktopNameOrClose(const char *name)
 {
   try {
@@ -712,58 +692,14 @@ void VNCSConnectionST::setPixelFormat(const PixelFormat& pf)
   setCursor();
 }
 
-void VNCSConnectionST::pointerEvent(const Point& pos, const Point& abspos, int buttonMask, const bool skipClick, const bool skipRelease, int scrollX, int scrollY)
+void VNCSConnectionST::pointerEvent(const Point& pos, int buttonMask, const bool skipClick, const bool skipRelease)
 {
   pointerEventTime = lastEventTime = time(0);
   server->lastUserInputTime = lastEventTime;
-  if (!(accessRights & AccessPtrEvents)) {
-    // This particular event is lost, but it's a corner case - you removed write access
-    // from yourself, then added it back. The intended use is for multiple clients,
-    // where the leader removes and adds back access for others, not himself.
-    recheckPerms();
-    return;
-  }
+  if (!(accessRights & AccessPtrEvents)) return;
   if (!rfb::Server::acceptPointerEvents) return;
   if (!server->pointerClient || server->pointerClient == this) {
-    Point newpos = pos;
-    if (pos.x & 0x4000) {
-      newpos.x &= ~0x4000;
-      newpos.y &= ~0x4000;
-
-      if (newpos.x & 0x8000) {
-        newpos.x &= ~0x8000;
-        newpos.x = -newpos.x;
-      }
-      if (newpos.y & 0x8000) {
-        newpos.y &= ~0x8000;
-        newpos.y = -newpos.y;
-      }
-
-      if (newpos.x < 0) {
-        if (pointerEventPos.x + newpos.x >= 0)
-          pointerEventPos.x += newpos.x;
-        else
-          pointerEventPos.x = 0;
-      } else {
-        pointerEventPos.x += newpos.x;
-        if (pointerEventPos.x >= cp.width)
-          pointerEventPos.x = cp.width;
-      }
-
-      if (newpos.y < 0) {
-        if (pointerEventPos.y + newpos.y >= 0)
-          pointerEventPos.y += newpos.y;
-        else
-          pointerEventPos.y = 0;
-      } else {
-        pointerEventPos.y += newpos.y;
-        if (pointerEventPos.y >= cp.height)
-          pointerEventPos.y = cp.height;
-      }
-    } else {
-      pointerEventPos = pos;
-    }
-
+    pointerEventPos = pos;
     if (buttonMask)
       server->pointerClient = this;
     else
@@ -784,7 +720,7 @@ void VNCSConnectionST::pointerEvent(const Point& pos, const Point& abspos, int b
       }
     }
 
-    server->desktop->pointerEvent(newpos, pointerEventPos, buttonMask, skipclick, skiprelease, scrollX, scrollY);
+    server->desktop->pointerEvent(pointerEventPos, buttonMask, skipclick, skiprelease);
   }
 }
 
@@ -1078,6 +1014,12 @@ void VNCSConnectionST::enableContinuousUpdates(bool enable,
   }
 }
 
+void VNCSConnectionST::handleClipboardRequest()
+{
+  if (!(accessRights & AccessCutText)) return;
+  server->handleClipboardRequest(this);
+}
+
 void VNCSConnectionST::handleClipboardAnnounce(bool available)
 {
   if (!(accessRights & AccessCutText)) return;
@@ -1085,21 +1027,25 @@ void VNCSConnectionST::handleClipboardAnnounce(bool available)
   server->handleClipboardAnnounce(this, available);
 }
 
-void VNCSConnectionST::handleClipboardAnnounceBinary(const unsigned num, const char mimes[][32])
+void VNCSConnectionST::handleClipboardData(const char* data, int len)
 {
   if (!(accessRights & AccessCutText)) return;
   if (!rfb::Server::acceptCutText) return;
-  server->handleClipboardAnnounceBinary(this, num, mimes);
-
-  const unsigned tolog = server->clipboardId++;
-
-  if (Server::DLP_ClipLog[0] == 'o')
+  if (msSince(&lastClipboardOp) < (unsigned) rfb::Server::DLP_ClipDelay) {
+    vlog.info("DLP: client %s: refused to receive clipboard, too soon",
+              sock->getPeerAddress());
     return;
-  vlog.info("DLP: client %s: %s %u clipboard mimes, id %u",
-            sock->getPeerAddress(), "received",
-            num, tolog);
+  }
+  const int origlen = len;
+  if (rfb::Server::DLP_ClipAcceptMax && len > rfb::Server::DLP_ClipAcceptMax)
+    len = rfb::Server::DLP_ClipAcceptMax;
+  cliplog(data, len, origlen, "received", sock->getPeerAddress());
+
+  gettimeofday(&lastClipboardOp, NULL);
+  server->handleClipboardData(this, data, len);
 }
 
+
 // supportsLocalCursor() is called whenever the status of
 // cp.supportsLocalCursor has changed.  If the client does now support local
 // cursor, we make sure that the old server-side rendered cursor is cleaned up
@@ -1143,8 +1089,6 @@ bool VNCSConnectionST::handleTimeout(Timer* t)
       writeFramebufferUpdate();
     else if (t == &kbdLogTimer)
       flushKeylog(sock->getPeerAddress());
-    else if (t == &binclipTimer)
-      writeBinaryClipboard();
   } catch (rdr::Exception& e) {
     close(e.str());
   }
@@ -1166,12 +1110,11 @@ bool VNCSConnectionST::isShiftPressed()
   return false;
 }
 
-bool VNCSConnectionST::getPerms(bool &read, bool &write, bool &owner) const
+bool VNCSConnectionST::getPerms(bool &write, bool &owner) const
 {
   bool found = false;
   if (disablebasicauth) {
     // We're running without basicauth
-    read = true;
     write = true;
     return true;
   }
@@ -1180,14 +1123,8 @@ bool VNCSConnectionST::getPerms(bool &read, bool &write, bool &owner) const
     unsigned i;
     for (i = 0; i < set->num; i++) {
       if (!strcmp(set->entries[i].user, user)) {
-        read = set->entries[i].read;
         write = set->entries[i].write;
         owner = set->entries[i].owner;
-
-        // Writer can always read
-        if (write)
-          read = true;
-
         found = true;
         break;
       }
@@ -1285,29 +1222,18 @@ void VNCSConnectionST::writeFramebufferUpdate()
   if (needsPermCheck) {
     needsPermCheck = false;
 
-    bool read, write, owner, ret;
-    ret = getPerms(read, write, owner);
+    bool write, owner, ret;
+    ret = getPerms(write, owner);
     if (!ret) {
       close("User was deleted");
       return;
-    }
-
-    if (!write) {
+    } else if (!write) {
       accessRights &= ~WRITER_PERMS;
     } else {
       accessRights |= WRITER_PERMS;
     }
-
-    if (!read) {
-      accessRights &= ~AccessView;
-    } else {
-      accessRights |= AccessView;
-    }
   }
 
-  if (!(accessRights & AccessView))
-    return;
-
   // Updates often consists of many small writes, and in continuous
   // mode, we will also have small fence messages around the update. We
   // need to aggregate these in order to not clog up TCP's congestion
@@ -1520,18 +1446,6 @@ void VNCSConnectionST::writeDataUpdate()
   requested.clear();
 }
 
-void VNCSConnectionST::writeBinaryClipboard()
-{
-  if (msSince(&lastClipboardOp) < (unsigned) rfb::Server::DLP_ClipDelay) {
-    vlog.info("DLP: client %s: refused to send binary clipboard, too soon",
-              sock->getPeerAddress());
-    return;
-  }
-
-  writer()->writeBinaryClipboard(binaryClipboard);
-
-  gettimeofday(&lastClipboardOp, NULL);
-}
 
 void VNCSConnectionST::screenLayoutChange(rdr::U16 reason)
 {
@@ -1738,8 +1652,8 @@ bool VNCSConnectionST::checkOwnerConn() const
   std::list<VNCSConnectionST*>::const_iterator it;
 
   for (it = server->clients.begin(); it != server->clients.end(); it++) {
-    bool read, write, owner;
-    if ((*it)->getPerms(read, write, owner) && owner)
+    bool write, owner;
+    if ((*it)->getPerms(write, owner) && owner)
       return true;
   }
 

common/rfb/VNCSConnectionST.h

@@ -77,12 +77,9 @@ namespace rfb {
     void bellOrClose();
     void setDesktopNameOrClose(const char *name);
     void setLEDStateOrClose(unsigned int state);
+    void requestClipboardOrClose();
     void announceClipboardOrClose(bool available);
-    void clearBinaryClipboardData();
-    void sendBinaryClipboardDataOrClose(const char* mime, const unsigned char *data,
-                                        const unsigned len, const unsigned id);
-    void getBinaryClipboardData(const char* mime, const unsigned char **data,
-                                unsigned *len);
+    void sendClipboardDataOrClose(const char* data);
 
     // checkIdleTimeout() returns the number of milliseconds left until the
     // idle timeout expires.  If it has expired, the connection is closed and
@@ -171,8 +168,8 @@ namespace rfb {
     virtual void handleFrameStats(rdr::U32 all, rdr::U32 render);
 
     bool is_owner() const {
-      bool read, write, owner;
-      if (getPerms(read, write, owner) && owner)
+      bool write, owner;
+      if (getPerms(write, owner) && owner)
         return true;
       return false;
     }
@@ -207,7 +204,7 @@ namespace rfb {
     virtual void queryConnection(const char* userName);
     virtual void clientInit(bool shared);
     virtual void setPixelFormat(const PixelFormat& pf);
-    virtual void pointerEvent(const Point& pos, const Point& abspos,int buttonMask, const bool skipClick, const bool skipRelease, int scrollX, int scrollY);
+    virtual void pointerEvent(const Point& pos, int buttonMask, const bool skipClick, const bool skipRelease);
     virtual void keyEvent(rdr::U32 keysym, rdr::U32 keycode, bool down);
     virtual void framebufferUpdateRequest(const Rect& r, bool incremental);
     virtual void setDesktopSize(int fb_width, int fb_height,
@@ -215,8 +212,9 @@ namespace rfb {
     virtual void fence(rdr::U32 flags, unsigned len, const char data[]);
     virtual void enableContinuousUpdates(bool enable,
                                          int x, int y, int w, int h);
+    virtual void handleClipboardRequest();
     virtual void handleClipboardAnnounce(bool available);
-    virtual void handleClipboardAnnounceBinary(const unsigned num, const char mimes[][32]);
+    virtual void handleClipboardData(const char* data, int len);
     virtual void supportsLocalCursor();
     virtual void supportsFence();
     virtual void supportsContinuousUpdates();
@@ -227,6 +225,19 @@ namespace rfb {
                (AccessPtrEvents | AccessKeyEvents);
     }
 
+    // setAccessRights() allows a security package to limit the access rights
+    // of a VNCSConnectioST to the server.  These access rights are applied
+    // such that the actual rights granted are the minimum of the server's
+    // default access settings and the connection's access settings.
+    virtual void setAccessRights(AccessRights ar) {
+        accessRights = ar;
+
+        bool write, owner;
+        if (!getPerms(write, owner) || !write)
+            accessRights &= ~WRITER_PERMS;
+        needsPermCheck = false;
+    }
+
     // Timer callbacks
     virtual bool handleTimeout(Timer* t);
 
@@ -234,7 +245,7 @@ namespace rfb {
 
     bool isShiftPressed();
 
-    bool getPerms(bool &read, bool &write, bool &owner) const;
+    bool getPerms(bool &write, bool &owner) const;
 
     bool checkOwnerConn() const;
 
@@ -249,8 +260,6 @@ namespace rfb {
     void writeNoDataUpdate();
     void writeDataUpdate();
 
-    void writeBinaryClipboard();
-
     void screenLayoutChange(rdr::U16 reason);
     void setCursor();
     void setCursorPos();
@@ -273,7 +282,6 @@ namespace rfb {
     Timer congestionTimer;
     Timer losslessTimer;
     Timer kbdLogTimer;
-    Timer binclipTimer;
 
     VNCServerST* server;
     SimpleUpdateTracker updates;

common/rfb/VNCServer.h

@@ -52,11 +52,22 @@ namespace rfb {
     // getPixelBuffer() returns a pointer to the PixelBuffer object.
     virtual PixelBuffer* getPixelBuffer() const = 0;
 
+    // requestClipboard() will result in a request to a client to
+    // transfer its clipboard data. A call to
+    // SDesktop::handleClipboardData() will be made once the data is
+    // available.
+    virtual void requestClipboard() = 0;
+
     // announceClipboard() informs all clients of changes to the
     // clipboard on the server. A client may later request the
     // clipboard data via SDesktop::handleClipboardRequest().
     virtual void announceClipboard(bool available) = 0;
 
+    // sendClipboardData() transfers the clipboard data to a client
+    // and should be called whenever a client has requested the
+    // clipboard via SDesktop::handleClipboardRequest().
+    virtual void sendClipboardData(const char* data) = 0;
+
     // bell() tells the server that it should make all clients make a bell sound.
     virtual void bell() = 0;
 

common/rfb/VNCServerST.cxx

@@ -53,7 +53,6 @@
 
 #include <network/GetAPI.h>
 
-#include <rfb/cpuid.h>
 #include <rfb/ComparingUpdateTracker.h>
 #include <rfb/KeyRemapper.h>
 #include <rfb/ListConnInfo.h>
@@ -77,8 +76,6 @@ static LogWriter slog("VNCServerST");
 LogWriter VNCServerST::connectionsLog("Connections");
 EncCache VNCServerST::encCache;
 
-void SelfBench();
-
 //
 // -=- VNCServerST Implementation
 //
@@ -131,14 +128,10 @@ VNCServerST::VNCServerST(const char* name_, SDesktop* desktop_)
     renderedCursorInvalid(false),
     queryConnectionHandler(0), keyRemapper(&KeyRemapper::defInstance),
     lastConnectionTime(0), disableclients(false),
-    frameTimer(this), apimessager(NULL), trackingFrameStats(0),
-    clipboardId(0)
+    frameTimer(this), apimessager(NULL), trackingFrameStats(0)
 {
   lastUserInputTime = lastDisconnectTime = time(0);
   slog.debug("creating single-threaded server %s", name.buf);
-  slog.info("CPU capability: SSE2 %s, AVX512f %s",
-            supportsSSE2() ? "yes" : "no",
-            supportsAVX512f() ? "yes" : "no");
 
   DLPRegion.enabled = DLPRegion.percents = false;
 
@@ -219,9 +212,6 @@ VNCServerST::VNCServerST(const char* name_, SDesktop* desktop_)
   }
 
   trackingClient[0] = 0;
-
-  if (Server::selfBench)
-    SelfBench();
 }
 
 VNCServerST::~VNCServerST()
@@ -519,6 +509,14 @@ void VNCServerST::setScreenLayout(const ScreenSet& layout)
   }
 }
 
+void VNCServerST::requestClipboard()
+{
+  if (clipboardClient == NULL)
+    return;
+
+  clipboardClient->requestClipboard();
+}
+
 void VNCServerST::announceClipboard(bool available)
 {
   std::list<VNCSConnectionST*>::iterator ci, ci_next;
@@ -534,33 +532,20 @@ void VNCServerST::announceClipboard(bool available)
   }
 }
 
-void VNCServerST::sendBinaryClipboardData(const char* mime, const unsigned char *data,
-                                          const unsigned len)
+void VNCServerST::sendClipboardData(const char* data)
 {
   std::list<VNCSConnectionST*>::iterator ci, ci_next;
-  for (ci = clients.begin(); ci != clients.end(); ci = ci_next) {
+
+  if (strchr(data, '\r') != NULL)
+    throw Exception("Invalid carriage return in clipboard data");
+
+  for (ci = clipboardRequestors.begin();
+       ci != clipboardRequestors.end(); ci = ci_next) {
     ci_next = ci; ci_next++;
-    (*ci)->sendBinaryClipboardDataOrClose(mime, data, len, clipboardId);
+    (*ci)->sendClipboardDataOrClose(data);
   }
 
-  clipboardId++;
-}
-
-void VNCServerST::getBinaryClipboardData(const char* mime, const unsigned char **data,
-                                         unsigned *len)
-{
-  if (!clipboardClient)
-    return;
-  clipboardClient->getBinaryClipboardData(mime, data, len);
-}
-
-void VNCServerST::clearBinaryClipboardData()
-{
-  std::list<VNCSConnectionST*>::iterator ci, ci_next;
-  for (ci = clients.begin(); ci != clients.end(); ci = ci_next) {
-    ci_next = ci; ci_next++;
-    (*ci)->clearBinaryClipboardData();
-  }
+  clipboardRequestors.clear();
 }
 
 void VNCServerST::bell()
@@ -808,11 +793,49 @@ static void checkAPIMessages(network::GetAPIMessager *apimessager,
     slog.info("Main thread processing user API request %u/%u", i + 1, num);
 
     const network::GetAPIMessager::action_data &act = apimessager->actionQueue[i];
+    struct kasmpasswd_t *set = NULL;
+    unsigned s;
+    bool found;
 
     switch (act.action) {
-      case network::GetAPIMessager::NONE:
-        slog.info("Empty request (bug!)");
+      case network::GetAPIMessager::USER_REMOVE:
+        set = readkasmpasswd(kasmpasswdpath);
+        found = false;
+        for (s = 0; s < set->num; s++) {
+          if (!strcmp(set->entries[s].user, act.data.user)) {
+            set->entries[s].user[0] = '\0';
+            found = true;
+            break;
+          }
+        }
+
+        if (found) {
+          writekasmpasswd(kasmpasswdpath, set);
+          slog.info("User %s removed", act.data.user);
+        } else {
+          slog.error("Tried to remove nonexistent user %s", act.data.user);
+        }
       break;
+      case network::GetAPIMessager::USER_GIVE_CONTROL:
+        set = readkasmpasswd(kasmpasswdpath);
+        found = false;
+        for (s = 0; s < set->num; s++) {
+          if (!strcmp(set->entries[s].user, act.data.user)) {
+            set->entries[s].write = 1;
+            found = true;
+          } else {
+            set->entries[s].write = 0;
+          }
+        }
+
+        if (found) {
+          writekasmpasswd(kasmpasswdpath, set);
+          slog.info("User %s given control", act.data.user);
+        } else {
+          slog.error("Tried to give control to nonexistent user %s", act.data.user);
+        }
+      break;
+
       case network::GetAPIMessager::WANT_FRAME_STATS_SERVERONLY:
         trackingFrameStats = act.action;
       break;
@@ -827,6 +850,11 @@ static void checkAPIMessages(network::GetAPIMessager *apimessager,
         memcpy(trackingClient, act.data.password, 128);
       break;
     }
+
+    if (set) {
+      free(set->entries);
+      free(set);
+    }
   }
 
   apimessager->actionQueue.clear();
@@ -1161,6 +1189,13 @@ bool VNCServerST::getComparerState()
   return false;
 }
 
+void VNCServerST::handleClipboardRequest(VNCSConnectionST* client)
+{
+  clipboardRequestors.push_back(client);
+  if (clipboardRequestors.size() == 1)
+    desktop->handleClipboardRequest();
+}
+
 void VNCServerST::handleClipboardAnnounce(VNCSConnectionST* client,
                                           bool available)
 {
@@ -1174,10 +1209,11 @@ void VNCServerST::handleClipboardAnnounce(VNCSConnectionST* client,
   desktop->handleClipboardAnnounce(available);
 }
 
-void VNCServerST::handleClipboardAnnounceBinary(VNCSConnectionST* client,
-                                                 const unsigned num,
-                                                 const char mimes[][32])
+void VNCServerST::handleClipboardData(VNCSConnectionST* client,
+                                      const char* data, int len)
 {
-  clipboardClient = client;
-  desktop->handleClipboardAnnounceBinary(num, mimes);
+  if (client != clipboardClient)
+    return;
+  desktop->handleClipboardData(data, len);
 }
+

common/rfb/VNCServerST.h

@@ -96,12 +96,9 @@ namespace rfb {
     virtual void setPixelBuffer(PixelBuffer* pb);
     virtual void setScreenLayout(const ScreenSet& layout);
     virtual PixelBuffer* getPixelBuffer() const { if (DLPRegion.enabled && blackedpb) return blackedpb; else return pb; }
+    virtual void requestClipboard();
     virtual void announceClipboard(bool available);
-    virtual void clearBinaryClipboardData();
-    virtual void sendBinaryClipboardData(const char* mime, const unsigned char *data,
-                                         const unsigned len);
-    virtual void getBinaryClipboardData(const char *mime, const unsigned char **ptr,
-                                        unsigned *len);
+    virtual void sendClipboardData(const char* data);
     virtual void add_changed(const Region &region);
     virtual void add_copied(const Region &dest, const Point &delta);
     virtual void setCursor(int width, int height, const Point& hotspot,
@@ -194,9 +191,9 @@ namespace rfb {
 
     void setAPIMessager(network::GetAPIMessager *msgr) { apimessager = msgr; }
 
+    void handleClipboardRequest(VNCSConnectionST* client);
     void handleClipboardAnnounce(VNCSConnectionST* client, bool available);
-    void handleClipboardAnnounceBinary(VNCSConnectionST* client, const unsigned num,
-                                       const char mimes[][32]);
+    void handleClipboardData(VNCSConnectionST* client, const char* data, int len);
 
   protected:
 
@@ -281,8 +278,6 @@ namespace rfb {
     } DLPRegion;
 
     void translateDLPRegion(rdr::U16 &x1, rdr::U16 &y1, rdr::U16 &x2, rdr::U16 &y2) const;
-
-    rdr::U32 clipboardId;
   };
 
 };

common/rfb/cpuid.cxx

@@ -1,70 +0,0 @@
-/* Copyright (C) 2021 Kasm Web
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#include <stdint.h>
-
-static uint32_t cpuid[4] = { 0 };
-static uint32_t extcpuid[4] = { 0 };
-
-static void getcpuid() {
-	if (cpuid[0])
-		return;
-
-#if defined(__x86_64__) || defined(__i386__)
-	uint32_t eax, ecx = 0;
-
-	eax = 1; // normal feature bits
-
-	__asm__ __volatile__(
-		"cpuid\n\t"
-		: "=a"(cpuid[0]), "=b"(cpuid[1]), "=c"(cpuid[2]), "=d"(cpuid[3])
-		: "0"(eax), "2"(ecx)
-	);
-
-	eax = 7; // ext feature bits
-	ecx = 0;
-
-	__asm__ __volatile__(
-		"cpuid\n\t"
-		: "=a"(extcpuid[0]), "=b"(extcpuid[1]), "=c"(extcpuid[2]), "=d"(extcpuid[3])
-		: "0"(eax), "2"(ecx)
-	);
-#endif
-}
-
-namespace rfb {
-
-bool supportsSSE2() {
-	getcpuid();
-#if defined(__x86_64__) || defined(__i386__)
-	#define bit_SSE2        (1 << 26)
-	return cpuid[3] & bit_SSE2;
-#endif
-	return false;
-}
-
-bool supportsAVX512f() {
-	getcpuid();
-#if defined(__x86_64__) || defined(__i386__)
-	#define bit_AVX512f        (1 << 16)
-	return extcpuid[1] & bit_AVX512f;
-#endif
-	return false;
-}
-
-}; // namespace rfb

common/rfb/cpuid.h

@@ -1,28 +0,0 @@
-/* Copyright (C) 2021 Kasm Web
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __RFB_CPUID_H__
-#define __RFB_CPUID_H__
-
-namespace rfb {
-
-	bool supportsSSE2();
-	bool supportsAVX512f();
-};
-
-#endif

common/rfb/msgTypes.h

@@ -31,7 +31,6 @@ namespace rfb {
   // kasm
   const int msgTypeStats = 178;
   const int msgTypeRequestFrameStats = 179;
-  const int msgTypeBinaryClipboard = 180;
 
   const int msgTypeServerFence = 248;
 
@@ -50,7 +49,6 @@ namespace rfb {
   // kasm
   const int msgTypeRequestStats = 178;
   const int msgTypeFrameStats = 179;
-  //const int msgTypeBinaryClipboard = 180;
 
   const int msgTypeClientFence = 248;
 

common/rfb/scale_dummy.cxx

@@ -1,37 +0,0 @@
-/* Copyright (C) 2021 Kasm Web
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#include <rfb/scale_sse2.h>
-
-namespace rfb {
-
-void SSE2_halve(const uint8_t *oldpx,
-			const uint16_t tgtw, const uint16_t tgth,
-			uint8_t *newpx,
-			const unsigned oldstride, const unsigned newstride) {
-}
-
-// Handles factors between 0.5 and 1.0
-void SSE2_scale(const uint8_t *oldpx,
-		const uint16_t tgtw, const uint16_t tgth,
-		uint8_t *newpx,
-		const unsigned oldstride, const unsigned newstride,
-		const float tgtdiff) {
-}
-
-}; // namespace rfb

common/rfb/scale_sse2.cxx

@@ -1,257 +0,0 @@
-/* Copyright (C) 2021 Kasm Web
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#include <emmintrin.h>
-
-#include <rfb/scale_sse2.h>
-
-namespace rfb {
-
-/*
-static void print128(const char msg[], const __m128i v) {
-	union {
-		__m128i v;
-		uint8_t c[16];
-	} u;
-
-	u.v = v;
-
-	printf("%s %02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x\n",
-		msg,
-		u.c[0],
-		u.c[1],
-		u.c[2],
-		u.c[3],
-		u.c[4],
-		u.c[5],
-		u.c[6],
-		u.c[7],
-		u.c[8],
-		u.c[9],
-		u.c[10],
-		u.c[11],
-		u.c[12],
-		u.c[13],
-		u.c[14],
-		u.c[15]);
-}
-*/
-
-void SSE2_halve(const uint8_t *oldpx,
-			const uint16_t tgtw, const uint16_t tgth,
-			uint8_t *newpx,
-			const unsigned oldstride, const unsigned newstride) {
-	uint16_t x, y;
-	const uint16_t srcw = tgtw * 2, srch = tgth * 2;
-	const __m128i zero = _mm_setzero_si128();
-	const __m128i shift = _mm_set_epi32(0, 0, 0, 2);
-	const __m128i low = _mm_set_epi32(0, 0, 0xffffffff, 0xffffffff);
-	const __m128i high = _mm_set_epi32(0xffffffff, 0xffffffff, 0, 0);
-
-	for (y = 0; y < srch; y += 2) {
-		const uint8_t * const row0 = oldpx + oldstride * y * 4;
-		const uint8_t * const row1 = oldpx + oldstride * (y + 1) * 4;
-
-		uint8_t * const dst = newpx + newstride * (y / 2) * 4;
-
-		for (x = 0; x < srcw - 3; x += 4) {
-			__m128i lo, hi, a, b, c, d;
-			lo = _mm_loadu_si128((__m128i *) &row0[x * 4]);
-			hi = _mm_loadu_si128((__m128i *) &row1[x * 4]);
-
-			a = _mm_unpacklo_epi8(lo, zero);
-			b = _mm_unpackhi_epi8(lo, zero);
-			c = _mm_unpacklo_epi8(hi, zero);
-			d = _mm_unpackhi_epi8(hi, zero);
-
-			a = _mm_add_epi16(a, c);
-			b = _mm_add_epi16(b, d);
-
-			c = _mm_srli_si128(a, 8);
-			a = _mm_and_si128(a, low);
-			a = _mm_add_epi16(a, c);
-
-			d = _mm_slli_si128(b, 8);
-			b = _mm_and_si128(b, high);
-			b = _mm_add_epi16(b, d);
-
-			a = _mm_add_epi16(a, b);
-
-			a = _mm_srl_epi16(a, shift);
-			a = _mm_packus_epi16(a, zero);
-
-			_mm_storel_epi64((__m128i *) &dst[(x / 2) * 4], a);
-		}
-
-		for (; x < srcw; x += 2) {
-			// Remainder in C
-			uint8_t i;
-			for (i = 0; i < 4; i++) {
-				dst[(x / 2) * 4 + i] =
-					(row0[x * 4 + i] +
-					row0[(x + 1) * 4 + i] +
-					row1[x * 4 + i] +
-					row1[(x + 1) * 4 + i]) / 4;
-			}
-		}
-	}
-}
-
-// Handles factors between 0.5 and 1.0
-void SSE2_scale(const uint8_t *oldpx,
-		const uint16_t tgtw, const uint16_t tgth,
-		uint8_t *newpx,
-		const unsigned oldstride, const unsigned newstride,
-		const float tgtdiff) {
-
-	uint16_t x, y;
-	const __m128i zero = _mm_setzero_si128();
-	const __m128i low = _mm_set_epi32(0, 0, 0xffffffff, 0xffffffff);
-	const __m128i high = _mm_set_epi32(0xffffffff, 0xffffffff, 0, 0);
-	const float invdiff = 1 / tgtdiff;
-
-	for (y = 0; y < tgth; y++) {
-		const float ny = y * invdiff;
-		const uint16_t lowy = ny;
-		const uint16_t highy = lowy + 1;
-		const uint16_t bot = (ny - lowy) * 256;
-		const uint16_t top = 256 - bot;
-		const uint32_t * const row0 = (uint32_t *) (oldpx + oldstride * lowy * 4);
-		const uint32_t * const row1 = (uint32_t *) (oldpx + oldstride * highy * 4);
-		const uint8_t * const brow0 = (uint8_t *) row0;
-		const uint8_t * const brow1 = (uint8_t *) row1;
-
-		uint8_t * const dst = newpx + newstride * y * 4;
-
-		const __m128i vertmul = _mm_set1_epi16(top);
-		const __m128i vertmul2 = _mm_set1_epi16(bot);
-
-		for (x = 0; x < tgtw - 1; x += 2) {
-			const float nx[2] = {
-				x * invdiff,
-				(x + 1) * invdiff,
-			};
-			const uint16_t lowx[2] =  {
-				(uint16_t) nx[0],
-				(uint16_t) nx[1],
-			};
-			const uint16_t highx[2] = {
-				(uint16_t) (lowx[0] + 1),
-				(uint16_t) (lowx[1] + 1),
-			};
-			const uint16_t right[2] = {
-				(uint16_t) ((nx[0] - lowx[0]) * 256),
-				(uint16_t) ((nx[1] - lowx[1]) * 256),
-			};
-			const uint16_t left[2] = {
-				(uint16_t) (256 - right[0]),
-				(uint16_t) (256 - right[1]),
-			};
-
-			const __m128i horzmul = _mm_set_epi16(
-				right[0],
-				right[0],
-				right[0],
-				right[0],
-				left[0],
-				left[0],
-				left[0],
-				left[0]
-			);
-			const __m128i horzmul2 = _mm_set_epi16(
-				right[1],
-				right[1],
-				right[1],
-				right[1],
-				left[1],
-				left[1],
-				left[1],
-				left[1]
-			);
-
-			__m128i lo, hi, a, b, c, d;
-			lo = _mm_setr_epi32(row0[lowx[0]],
-						row0[highx[0]],
-						row0[lowx[1]],
-						row0[highx[1]]);
-			hi = _mm_setr_epi32(row1[lowx[0]],
-						row1[highx[0]],
-						row1[lowx[1]],
-						row1[highx[1]]);
-
-			a = _mm_unpacklo_epi8(lo, zero);
-			b = _mm_unpackhi_epi8(lo, zero);
-			c = _mm_unpacklo_epi8(hi, zero);
-			d = _mm_unpackhi_epi8(hi, zero);
-
-			a = _mm_mullo_epi16(a, vertmul);
-			b = _mm_mullo_epi16(b, vertmul);
-			c = _mm_mullo_epi16(c, vertmul2);
-			d = _mm_mullo_epi16(d, vertmul2);
-
-			a = _mm_add_epi16(a, c);
-			a = _mm_srli_epi16(a, 8);
-			b = _mm_add_epi16(b, d);
-			b = _mm_srli_epi16(b, 8);
-
-			a = _mm_mullo_epi16(a, horzmul);
-			b = _mm_mullo_epi16(b, horzmul2);
-
-			lo = _mm_srli_si128(a, 8);
-			a = _mm_and_si128(a, low);
-			a = _mm_add_epi16(a, lo);
-
-			hi = _mm_slli_si128(b, 8);
-			b = _mm_and_si128(b, high);
-			b = _mm_add_epi16(b, hi);
-
-			a = _mm_add_epi16(a, b);
-			a = _mm_srli_epi16(a, 8);
-
-			a = _mm_packus_epi16(a, zero);
-
-			_mm_storel_epi64((__m128i *) &dst[x * 4], a);
-		}
-
-		for (; x < tgtw; x++) {
-			// Remainder in C
-			const float nx = x * invdiff;
-			const uint16_t lowx = nx;
-			const uint16_t highx = lowx + 1;
-			const uint16_t right = (nx - lowx) * 256;
-			const uint16_t left = 256 - right;
-
-			uint8_t i;
-			uint32_t val, val2;
-			for (i = 0; i < 4; i++) {
-				val = brow0[lowx * 4 + i] * left;
-				val += brow0[highx * 4 + i] * right;
-				val >>= 8;
-
-				val2 = brow1[lowx * 4 + i] * left;
-				val2 += brow1[highx * 4 + i] * right;
-				val2 >>= 8;
-
-				dst[x * 4 + i] =
-					(val * top + val2 * bot) >> 8;
-			}
-		}
-	}
-}
-
-}; // namespace rfb

common/rfb/scale_sse2.h

@@ -1,38 +0,0 @@
-/* Copyright (C) 2021 Kasm Web
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __RFB_SCALE_SSE2_H__
-#define __RFB_SCALE_SSE2_H__
-
-#include <stdint.h>
-
-namespace rfb {
-
-	void SSE2_halve(const uint8_t *oldpx,
-			const uint16_t tgtw, const uint16_t tgth,
-			uint8_t *newpx,
-			const unsigned oldstride, const unsigned newstride);
-
-	void SSE2_scale(const uint8_t *oldpx,
-			const uint16_t tgtw, const uint16_t tgth,
-			uint8_t *newpx,
-			const unsigned oldstride, const unsigned newstride,
-			const float tgtdiff);
-};
-
-#endif

debian/Makefile.to_fakebuild_tar_package

@@ -11,19 +11,18 @@ install: unpack_tarball
 	echo "TAR_DATA: $(TAR_DATA)"
 	echo "installing files"
 	mkdir -p $(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1 \
-	  $(DESTDIR)/usr/share/doc/kasmvncserver
+	  $(DESTDIR)/usr/share/doc/kasmvncserver $(DESTDIR)/usr/lib
 	cp $(SRC_BIN)/Xvnc $(DESTDIR)/usr/bin/Xkasmvnc
 	cp $(SRC_BIN)/vncserver $(DESTDIR)/usr/bin/kasmvncserver
 	cp $(SRC_BIN)/vncconfig $(DESTDIR)/usr/bin/kasmvncconfig
 	cp $(SRC_BIN)/kasmvncpasswd $(DESTDIR)/usr/bin/
-	cp $(SRC_BIN)/kasmxproxy $(DESTDIR)/usr/bin/
+	cp -r $(SRC)/lib/kasmvnc/ $(DESTDIR)/usr/lib/kasmvncserver
 	cp -r $(SRC)/share/doc/kasmvnc*/* $(DESTDIR)/usr/share/doc/kasmvncserver/
 	rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
 	  --exclude www/utils/ --exclude .eslintrc \
 	  $(SRC)/share/kasmvnc $(DESTDIR)/usr/share
 	cp $(SRC)/man/man1/Xvnc.1 $(DESTDIR)/usr/share/man/man1/Xkasmvnc.1
 	cp $(SRC)/share/man/man1/vncserver.1 $(DST_MAN)/kasmvncserver.1
-	cp $(SRC)/share/man/man1/kasmxproxy.1 $(DST_MAN)/kasmxproxy.1
 	cp $(SRC)/share/man/man1/vncpasswd.1 $(DST_MAN)/kasmvncpasswd.1
 	cp $(SRC)/share/man/man1/vncconfig.1 $(DST_MAN)/kasmvncconfig.1
 

debian/changelog

@@ -2,7 +2,7 @@ kasmvnc (0.9.3~beta-1) unstable; urgency=medium
 
   * New upstream release.
 
- -- Kasm Technologies LLC <info@kasmweb.com>  Tue, 22 Mar 2022 09:15:38 +0000
+ -- Dmitry Maksyoma <ledestin@gmail.com>  Fri, 29 Oct 2021 19:16:33 +1300
 
 kasmvnc (0.9.1~beta-1) unstable; urgency=medium
 

debian/control

@@ -3,16 +3,16 @@ Section: x11
 Priority: optional
 Maintainer: Kasm Technologies LLC <info@kasmweb.com>
 Build-Depends: debhelper (>= 11), rsync, libjpeg-dev, libjpeg-dev, libpng-dev,
-  libtiff-dev, libgif-dev, libavcodec-dev, libssl-dev, libgl1, libxfont2, libsm6, libxext-dev, libxrandr-dev, libxtst-dev, libxcursor-dev, libunwind8
+  libtiff-dev, libgif-dev, libavcodec-dev, libssl-dev, libgl1, libxfont2, libsm6
 Standards-Version: 4.1.3
 Homepage: https://github.com/kasmtech/KasmVNC
 #Vcs-Browser: https://salsa.debian.org/debian/kasmvnc
 #Vcs-Git: https://salsa.debian.org/debian/kasmvnc.git
 
 Package: kasmvncserver
-Architecture: amd64 arm64
+Architecture: amd64
 Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, ssl-cert, xauth,
-  x11-xkb-utils, xkb-data, procps
+  x11-xkb-utils, xkb-data, procps, libswitch-perl
 Provides: vnc-server
 Description: VNC server accessible from a web browser
  VNC stands for Virtual Network Computing. It is, in essence, a remote

debian/postinst

@@ -21,7 +21,7 @@ case "$1" in
     configure)
       bindir=/usr/bin
       mandir=/usr/share/man
-      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc kasmxproxy"
+      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc"
 
       for kasm_command in $commands; do
         generic_command=`echo "$kasm_command" | sed -e 's/kasm//'`;

debian/prerm

@@ -21,7 +21,7 @@ case "$1" in
     remove)
       bindir=/usr/bin
       mandir=/usr/share/man
-      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc kasmxproxy"
+      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc"
 
       for kasm_command in $commands; do
         generic_command=`echo "$kasm_command" | sed -e 's/kasm//'`;

opensuse/kasmvncserver.spec

@@ -1,108 +0,0 @@
-Name:           kasmvncserver
-Version:        0.9.3~beta
-Release:        leap15
-Summary:        VNC server accessible from a web browser
-
-License: GPLv2+
-URL: https://github.com/kasmtech/KasmVNC
-
-BuildRequires: rsync
-Requires: xauth, libxkbcommon-x11-0, xkeyboard-config, x11-tools, openssl, perl, libpixman-1-0, libjpeg8, libgomp1, libXfont2-2, libXdmcp6, libglvnd, xkbcomp
-Conflicts: tigervnc, tigervnc-x11vnc
-
-%description
-VNC stands for Virtual Network Computing. It is, in essence, a remote
-display system which allows you to view a computing `desktop' environment
-not only on the machine where it is running, but from anywhere on the
-Internet and from a wide variety of machine architectures.
-
-KasmVNC has different goals than TigerVNC:
-
-Web-based - KasmVNC is designed to provide a web accessible remote desktop.
-It comes with a web server and web-socket server built in. There is no need to
-install other components. Simply run and navigate to your desktop's URL on the
-port you specify. While you can still tun on the legacy VNC port, it is
-disabled by default.
-
-Security - KasmVNC defaults to HTTPS and allows for HTTP Basic Auth. VNC
-Password authentication is limited by specification to 8 characters and is not
-sufficient for use on an internet accessible remote desktop. Our goal is to
-create a by default secure, web based experience.
-
-Simplicity - KasmVNC aims at being simple to deploy and configure.
-
-%prep
-
-%install
-rm -rf $RPM_BUILD_ROOT
-
-TARGET_OS=$KASMVNC_BUILD_OS
-TARGET_OS_CODENAME=$KASMVNC_BUILD_OS_CODENAME
-TARBALL=$RPM_SOURCE_DIR/kasmvnc.${TARGET_OS}_${TARGET_OS_CODENAME}.tar.gz
-TAR_DATA=$(mktemp -d)
-tar -xzf "$TARBALL" -C "$TAR_DATA"
-
-SRC=$TAR_DATA/usr/local
-SRC_BIN=$SRC/bin
-DESTDIR=$RPM_BUILD_ROOT
-DST_MAN=$DESTDIR/usr/share/man/man1
-
-mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
-  $DESTDIR/usr/share/doc/kasmvncserver
-cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
-cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
-cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
-cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
-cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
-cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
-cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
-rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
-  --exclude www/utils/ --exclude .eslintrc \
-  $SRC/share/kasmvnc $DESTDIR/usr/share
-cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
-cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
-cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
-cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
-cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
-cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
-
-
-%files
-/usr/bin/*
-/usr/share/man/man1/*
-/usr/share/kasmvnc/www
-
-%license /usr/share/doc/kasmvncserver/LICENSE.TXT
-%doc /usr/share/doc/kasmvncserver/README.md
-
-%changelog
-* Tue Mar 22 2022 KasmTech <info@kasmweb.com> - 0.9.3~beta-1
-* Fri Feb 12 2021 KasmTech <info@kasmweb.com> - 0.9.1~beta-1
-- Initial release of the rpm package.
-
-%post
-  kasmvnc_group="kasmvnc-cert"
-
-  create_kasmvnc_group() {
-    if ! getent group "$kasmvnc_group" >/dev/null; then
-	    groupadd --system "$kasmvnc_group"
-    fi
-  }
-
-  make_self_signed_certificate() {
-    local cert_file=/etc/pki/tls/private/kasmvnc.pem
-    [ -f "$cert_file" ] && return 0
-
-    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-      -keyout "$cert_file" \
-      -out "$cert_file" -subj \
-      "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
-    chgrp "$kasmvnc_group" "$cert_file"
-    chmod 640 "$cert_file"
-  }
-
-  create_kasmvnc_group
-  make_self_signed_certificate
-
-%postun
-  rm -f /etc/pki/tls/private/kasmvnc.pem

oracle/kasmvncserver.spec

@@ -1,108 +0,0 @@
-Name:           kasmvncserver
-Version:        0.9.3~beta
-Release:        1%{?dist}
-Summary:        VNC server accessible from a web browser
-
-License: GPLv2+
-URL: https://github.com/kasmtech/KasmVNC
-
-BuildRequires: rsync
-Requires: xorg-x11-xauth, xorg-x11-xkb-utils, xkeyboard-config, xorg-x11-server-utils, openssl, perl
-Conflicts: tigervnc-server, tigervnc-server-minimal
-
-%description
-VNC stands for Virtual Network Computing. It is, in essence, a remote
-display system which allows you to view a computing `desktop' environment
-not only on the machine where it is running, but from anywhere on the
-Internet and from a wide variety of machine architectures.
-
-KasmVNC has different goals than TigerVNC:
-
-Web-based - KasmVNC is designed to provide a web accessible remote desktop.
-It comes with a web server and web-socket server built in. There is no need to
-install other components. Simply run and navigate to your desktop's URL on the
-port you specify. While you can still tun on the legacy VNC port, it is
-disabled by default.
-
-Security - KasmVNC defaults to HTTPS and allows for HTTP Basic Auth. VNC
-Password authentication is limited by specification to 8 characters and is not
-sufficient for use on an internet accessible remote desktop. Our goal is to
-create a by default secure, web based experience.
-
-Simplicity - KasmVNC aims at being simple to deploy and configure.
-
-%prep
-
-%install
-rm -rf $RPM_BUILD_ROOT
-
-TARGET_OS=$KASMVNC_BUILD_OS
-TARGET_OS_CODENAME=$KASMVNC_BUILD_OS_CODENAME
-TARBALL=$RPM_SOURCE_DIR/kasmvnc.${TARGET_OS}_${TARGET_OS_CODENAME}.tar.gz
-TAR_DATA=$(mktemp -d)
-tar -xzf "$TARBALL" -C "$TAR_DATA"
-
-SRC=$TAR_DATA/usr/local
-SRC_BIN=$SRC/bin
-DESTDIR=$RPM_BUILD_ROOT
-DST_MAN=$DESTDIR/usr/share/man/man1
-
-mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
-  $DESTDIR/usr/share/doc/kasmvncserver
-cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
-cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
-cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
-cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
-cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
-cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
-cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
-rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
-  --exclude www/utils/ --exclude .eslintrc \
-  $SRC/share/kasmvnc $DESTDIR/usr/share
-cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
-cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
-cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
-cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
-cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
-cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
-
-
-%files
-/usr/bin/*
-/usr/share/man/man1/*
-/usr/share/kasmvnc/www
-
-%license /usr/share/doc/kasmvncserver/LICENSE.TXT
-%doc /usr/share/doc/kasmvncserver/README.md
-
-%changelog
-* Tue Mar 22 2022 KasmTech <info@kasmweb.com> - 0.9.3~beta-1
-* Fri Feb 12 2021 KasmTech <info@kasmweb.com> - 0.9.1~beta-1
-- Initial release of the rpm package.
-
-%post
-  kasmvnc_group="kasmvnc-cert"
-
-  create_kasmvnc_group() {
-    if ! getent group "$kasmvnc_group" >/dev/null; then
-	    groupadd --system "$kasmvnc_group"
-    fi
-  }
-
-  make_self_signed_certificate() {
-    local cert_file=/etc/pki/tls/private/kasmvnc.pem
-    [ -f "$cert_file" ] && return 0
-
-    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-      -keyout "$cert_file" \
-      -out "$cert_file" -subj \
-      "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
-    chgrp "$kasmvnc_group" "$cert_file"
-    chmod 640 "$cert_file"
-  }
-
-  create_kasmvnc_group
-  make_self_signed_certificate
-
-%postun
-  rm -f /etc/pki/tls/private/kasmvnc.pem

release/maketarball.in

@@ -45,12 +45,13 @@ mkdir -p $OUTDIR/man/man1
 
 make DESTDIR=$TMPDIR/inst install
 if [ $SERVER = 1 ]; then
-	install -m 755 ./unix/kasmxproxy/kasmxproxy $OUTDIR/bin/
 	install -m 755 ./xorg.build/bin/Xvnc $OUTDIR/bin/
 	install -m 644 ./xorg.build/man/man1/Xvnc.1 $OUTDIR/man/man1/Xvnc.1
 	install -m 644 ./xorg.build/man/man1/Xserver.1 $OUTDIR/man/man1/Xserver.1
 	mkdir -p $OUTDIR/lib/dri/
 	install -m 755 ./xorg.build/lib/dri/swrast_dri.so $OUTDIR/lib/dri/
+	mkdir -p $OUTDIR/lib/kasmvnc
+	install -m 755 $SRCDIR/builder/startup/deb/select-de.sh $OUTDIR/lib/kasmvnc
 	mkdir -p $OUTDIR/share/kasmvnc
 	cp -r $SRCDIR/builder/www $OUTDIR/share/kasmvnc/www
 fi