Commit Graph

127 Commits

Author SHA1 Message Date
Lauri Kasanen
29e0e2bd2e Fix animated cursor resize crash 2021-06-15 15:40:14 +03:00
Lauri Kasanen
9144045718 Append the microsecond-level connection time to the abstract socket name, making it always unique 2021-05-10 19:16:28 +03:00
Lauri Kasanen
7a695c976e Writer perms were checked in multiple places, consolidate and fix a missing case 2021-05-10 11:02:20 +03:00
Lauri Kasanen
14e08a2067 Add trailing slash in dir listing 2021-04-22 11:33:05 +03:00
Lauri Kasanen
95d34f7e58 Fix some local->remote clipboard merge misses 2021-04-13 13:49:43 +03:00
Lauri Kasanen
a1cf454f06 Sync utf8 clipboard support 2021-04-12 12:38:24 +03:00
lhchavez
25b8e64adb Add support for notifying clients about pointer movements
This change adds support for the VMware Mouse Position
pseudo-encoding[1], which is used to notify VNC clients when X11 clients
call `XWarpPointer()`[2]. This function is called by SDL (and other
similar libraries)  when they detect that the server does not support
native relative motion, like some RFB clients.

With this, RFB clients can choose to adjust the local cursor position
under certain circumstances to match what the server has set. For
instance, if pointer lock has been enabled on the client's machine and
the cursor is not being drawn locally, the local position of the cursor
is irrelevant, so the RFB client can use what the server sends as the
canonical absolute position of the cursor. This ultimately enables the
possibility of games (especially FPS games) to behave how users expect
(if the clients implement the corresponding change).

Part of: #619

1: https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#vmware-cursor-position-pseudo-encoding
2: https://tronche.com/gui/x/xlib/input/XWarpPointer.html
3: https://hg.libsdl.org/SDL/file/28e3b60e2131/src/events/SDL_mouse.c#l804
2021-03-29 11:27:54 +03:00
Pierre Ossman
d8caab699d Add missing headers for TCP_CORK
We didn't include the proper headers to get the correct define, so
corking was never enabled.
2021-03-29 11:04:00 +03:00
Pierre Ossman
189f503b98 Fix handling of bad update requests
We computed a safe area if a client gave us a bogus one, but we didn't
actually use it. Fix this properly and make sure we don't pass on bad
coordinates further.
2021-03-29 11:00:41 +03:00
Pierre Ossman
fde088ce65 Improved bandwidth monitoring
Now measures over an entire update, which should hopefully give us more
stable values. They are still small values for fast networks though so
increase precision in the values we keep.
2021-03-29 10:52:51 +03:00
Pierre Ossman
a55f142c98 Don't shuffle input buffer unless actually needed 2021-03-29 10:50:16 +03:00
Pierre Ossman
25995e2490 Remove unused bufSize argument from streams 2021-03-29 10:49:25 +03:00
Pierre Ossman
281d65292a Remove special functions from JPEG compressor
We can do what we want with the standard methods.
2021-03-29 10:48:55 +03:00
Pierre Ossman
57a3c3bba8 Simplify stream availability handling
Just have a simply number of bytes argument to avoid a lot of
complexity.
2021-03-29 10:48:26 +03:00
Pierre Ossman
92c7695981 Create common base classes for buffered streams
Most streams are backed by a memory buffer. Create common base classes
for this functionality to avoid code duplication.
2021-03-29 10:11:16 +03:00
Pierre Ossman
7f90205cf2 Add stream avail() methods
Makes it more readable to write code that needs to know how much
data/space is available in a stream.
2021-03-29 10:08:40 +03:00
Pierre Ossman
910fd8fa3e Remove unused stream methods
They were accidentally left unused in fbad8a9 so they haven't been used
in some time.
2021-03-29 10:04:04 +03:00
Pierre Ossman
c97828471c Use proper constants for socket shutdown()
For readability.
2021-03-29 10:03:05 +03:00
Pierre Ossman
c5b7137f2b Flush data on close
There might be some final handshake data that is still stuck in the
buffers, so make a best effort attempt at getting it to the client.
2021-03-29 10:02:31 +03:00
Pierre Ossman
a3c0ce55c9 Support calling methods from timers
We can't safely use the normal timers in base classes as we cannot
guarantee that subclasses will call the base class' handleTimeout()
properly if the subclass overrides it.
2021-03-29 09:58:18 +03:00
Lauri Kasanen
1632f4888d Enable basicauth by default, remove the option to supply it on the command line 2021-03-25 11:25:30 +02:00
matt
93d3bf052d Removed old line 2021-03-22 11:36:33 +00:00
matt
7b3f6876b4 Fixed syntax error 2021-03-22 11:23:49 +00:00
matt
46e03289be Manually merged region changes 2021-03-22 10:36:39 +00:00
Lauri Kasanen
c3e30dcea1 Add support for DLP_Region 2021-03-15 13:48:56 +02:00
Lauri Kasanen
fed991d697 Return 401 unauth for non-owner trying /api/ 2021-03-04 13:59:29 +02:00
Lauri Kasanen
1269fddadf Add a more specific error for a nonexistent screenshot 2021-03-04 13:43:05 +02:00
Lauri Kasanen
688e749fda Tentative build fix for newer gccs 2021-03-03 15:33:58 +02:00
Lauri Kasanen
980eedd33b Add HTTP GET APIs for creating, removing users and giving control 2021-03-03 14:55:14 +02:00
Lauri Kasanen
3f6524ee30 Add support for owner screenshot HTTP GET API 2021-03-02 15:23:32 +02:00
Dmitry Maksyoma
101695970b Reapply "Use crypt_r in threaded code" 2021-02-28 22:53:06 +13:00
Dmitry Maksyoma
9084409a20 Merge branch 'users' into packages_and_multiuser_passwd 2021-02-25 22:10:40 +13:00
Dmitry Maksyoma
fbe05cee86 Fix random 401 Forbidden on Ubuntu 20 and other newer releases 2021-02-25 21:23:21 +13:00
Dmitry Maksyoma
90101a7e91 Rpm: CentOS dfart. Rpm building isn't automated yet. 2021-02-05 23:49:47 +13:00
Dmitry Maksyoma
c32137fa17 Merge branch 'master' into create_ubuntu20_package 2021-01-20 23:39:29 +13:00
Lauri Kasanen
0d47d4890a Enable TLS 1.1 and 1.2 2021-01-20 22:49:32 +13:00
Lauri Kasanen
a4e70ff56b Remove less-than-256-colors indexed limit for small rects 2021-01-15 13:08:20 +02:00
Lauri Kasanen
83c83f43ef Add a parameter for separate SSL key 2021-01-15 13:07:53 +02:00
Lauri Kasanen
481b063eb7 Fix missing init for DLP timestamps 2020-12-03 12:29:38 +02:00
Lauri Kasanen
531705c05c Remove set-desktop-size perms from read-only clients 2020-10-14 15:50:28 +03:00
Lauri Kasanen
1f69d1584a Prevent read-only clients from changing kasm settings 2020-10-14 15:44:48 +03:00
Lauri Kasanen
a27744bca6 Enable TLS 1.1 and 1.2 2020-10-14 14:39:33 +03:00
Lauri Kasanen
36deba3a75 Correct non-basicauth and command-line user:pass being read-only 2020-10-14 14:27:08 +03:00
Lauri Kasanen
0c83a86bc8 Dynamically apply permissions 2020-10-13 13:38:18 +03:00
Lauri Kasanen
263d05a296 Apply read-only perms upon connecting 2020-10-12 15:11:49 +03:00
Lauri Kasanen
9a5afc5a62 Handle the new, multi-user kasmpasswd format auth 2020-10-12 14:58:11 +03:00
Lauri Kasanen
80513c8616 Change "recent" to be 10s from 60s, and in its own variable 2020-10-02 14:44:33 +03:00
Lauri Kasanen
1db77ee6bd Add some basicauth logging (most debug/verbose only) 2020-10-02 14:43:19 +03:00
Lauri Kasanen
279c41fc32 Add option to pass the password in an encrypted file, kasmvncpasswd utility 2020-10-01 14:37:51 +03:00
Lauri Kasanen
ae07707e66 Don't log BasicAuth 2020-10-01 13:07:32 +03:00
Lauri Kasanen
bb71cd4ec4 Have stats react faster to big cpu lag spikes 2020-10-01 13:00:34 +03:00
Lauri Kasanen
99fe70bbd6 Add a debug-level print on the last ~second's maximum encoding time 2020-09-28 14:37:19 +03:00
Lauri Kasanen
b30318a68f Change stats format to JSON array style 2020-09-28 14:26:38 +03:00
Lauri Kasanen
d5bdef121a Add support for bottleneck stats 2020-09-21 15:51:56 +03:00
Pierre Ossman
3528e358cc Free memory from getaddrinfo()
We handled this in the failure scenario, but not in the vastly more
common successful case.
2020-09-21 13:52:01 +03:00
Andrew Yoder
c312417d81 Correction to socket error connection message 2020-09-21 13:47:04 +03:00
Mark Mielke
80a637c793 Fix division by zero exception in SSecurityPlain.
If using SSecurityPlain and the user specifies an empty username
and password, it will invoke InStream::checkNoWait(0) which will
cause a division by zero when calculating the number of available
items.

Enhance InStream::check() to behave properly when asked for
zero items, or zero sized items.

Add comments to InStream::check(), InStream::checkNoWait(),
and InStream::readBytes() to document expected behaviour
when requested to check or read zero items, or an item with
zero size.
2020-09-21 13:46:38 +03:00
Pierre Ossman
47bba8a1e6 Fix JpegCompressor::overrun() type change
The method it overloads got tweaked some time ago, so we need to make
sure this method follows suit.
2020-09-21 13:42:29 +03:00
Pierre Ossman
da406d0cac Include error code in getaddrinfo() exceptions 2020-09-21 13:26:51 +03:00
Pierre Ossman
9240f0b85c Avoid using insecure variable length arrays 2020-09-21 13:26:39 +03:00
Alex Tanskanen
03639406dc Throw GAIException() for getaddrinfo errors
Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.
2020-09-21 13:26:15 +03:00
Alex Tanskanen
209712b18f Fix typo in SocketException message 2020-09-21 13:25:51 +03:00
Alex Tanskanen
57427d5d33 Make system error messeges in Windows 10 use UTF-8
The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.
2020-09-21 13:25:38 +03:00
Pierre Ossman
f38e474993 Fix error check for zlib calls
There are multiple "okay" return values, not just Z_OK. Make sure we
don't bail out needlessly.
2020-09-21 13:18:11 +03:00
Lauri Kasanen
49f9ce8e5b Remove remnants of the old HTTP server 2020-09-21 13:17:11 +03:00
Pierre Ossman
06fd7ac061 Use sys/time.h on Windows as well
Modern MinGW seems to provide this, so simplify things a bit. This also
side steps some of the issue of the windows.h/winsock2.h include
ordering.
2020-09-21 13:05:50 +03:00
Pierre Ossman
b7dc4a16fe Handle pending data in TLS buffers
There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.
2020-09-21 13:00:41 +03:00
Pierre Ossman
ed73ac2aa7 Handle pixel formats with odd shift values
Our fast paths assume that each channel fits in to a separate byte.
That means the shift needs to be a multiple of 8. Start actually
checking this so that a client cannot trip us up and possibly cause
incorrect code exection.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:56:53 +03:00
Pierre Ossman
ae6cbd19e9 Be defensive about overflows in stream objects
We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:56:23 +03:00
Pierre Ossman
259f1055cb Use size_t for lengths in stream objects
Provides safety against them accidentally becoming negative because
of bugs in the calculations.

Also does the same to CharArray and friends as they were strongly
connection to the stream objects.
2020-09-21 12:55:59 +03:00
Pierre Ossman
346fccb96c Remove unused FixedMemOutStream 2020-09-21 12:48:20 +03:00
Pierre Ossman
1d5aaf54f8 Add sanity checks for PixelFormat shift values
Otherwise we might be tricked in to reading and writing things at
incorrect offsets for pixels which ultimately could result in an
attacker writing things to the stack or heap and executing things
they shouldn't.

This only affects the server as the client never uses the pixel
format suggested by th server.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:47:56 +03:00
Pierre Ossman
9f7abaea3a Fix depth sanity test in PixelFormat 2020-09-21 12:47:22 +03:00
Pierre Ossman
1224cbdc21 Handle empty Tight gradient rects
We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:46:27 +03:00
Pierre Ossman
6a3f711878 Add write protection to OffsetPixelBuffer
No one should every try to write to this buffer. Enforce that by
throwing an exception if any one tries to get a writeable pointer
to the data.
2020-09-21 12:45:51 +03:00
Pierre Ossman
3282836baf Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab
2020-09-21 12:40:12 +03:00
matt
408c005d3e Initial commit 2020-09-20 12:16:44 +00:00