Re: [Tigervnc-devel] [PATCH] vncserver checks ~/.vnc/passwd when not needed and -TermOnLogout option
Committed as 4343, with modifications. Please test. On 3/8/11 6:48 AM, Sebastiaan Breedveld wrote: > --- vncserverorg2011-03-07 21:35:04.588985408 +0100 > +++ vncserver2011-03-08 13:46:03.0 +0100 > @@ -160,17 +160,57 @@ > } > } > > -# Make sure the user has a password. > +# Make sure the user has a password, if one needed > > -($z,$z,$mode) = stat("$vncUserDir/passwd"); > -if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { > -warn "\nYou will require a password to access your desktops.\n\n"; > -system($exedir."vncpasswd -q $vncUserDir/passwd"); > -if (($? >> 8) != 0) { > -exit 1; > +# Check the arguments to check if VncAuth or TLSVnc or X509Vnc > +# is used as SecurityType, if SecurityType is specified at all. > +# If a password option is given at the command line, trust this (i.e. > do not check for existence). > +$has_securitytype = 0; > +$has_vnclikeauth = 0; > +$has_pwdcmdline = 0; > + > +for ($i=0; $i<@ARGV; ++$i) { > +# Options can be given by space (-SecurityTypes VNCAuth) or by = > (-SecurityTypes=VNCAuth) > +my @splitargs = split('=', $ARGV[$i]); > +push(@splitargs, $ARGV[$i+1]); > + > +# Check for security types > +if (lc(@splitargs[0]) eq "-securitytypes") > +{ > +$has_securitytype = 1; > + > +foreach $arg2 (split(',', @splitargs[1])) > +{ > +if ((lc($arg2) eq "vncauth") || (lc($arg2) eq "tlsvnc") || > (lc($arg2) eq "x509vnc")) > +{ > +# Need password > +$has_vnclikeauth = 1; > +} > +} > +} > + > +# Check for Password, PasswordFile or rfbauth options > +if ((lc(@splitargs[0]) eq "-password") || (lc(@splitargs[0]) eq > "-passwordfile" || (lc(@splitargs[0]) eq "-rfbauth"))) > +{ > +$has_pwdcmdline = 1; > } > } > > +# Now do some logic, and set VNC Password if it does not already exists > +if ((!$has_securitytype || ($has_securitytype && $has_vnclikeauth)) && > !$has_pwdcmdline) > +{ > +$needvncpass = 1; > +($z,$z,$mode) = stat("$vncUserDir/passwd"); > +if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { > +warn "\nYou will require a password to access your desktops.\n\n"; > +system($exedir."vncpasswd -q $vncUserDir/passwd"); > +if (($? >> 8) != 0) { > +exit 1; > +} > +} > +} > + > + > # Find display number. > > if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
[Tigervnc-devel] Server should fail if incorrect security type passed on command line
In the process of testing the vncserver patch, I noticed that the server will start up successfully even if an invalid -SecurityTypes argument is passed. For instance, specifying -SecurityTypes=vnc will cause Xvnc to start up, but no client will be able to connect, because no valid authentication type will exist. A savvy user would have to read the server log file to figure out what was happening. This is the sort of failure that will generate about 1000 of the same question on support forums. IMHO, Xvnc should fail if an invalid security type is given as an argument. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [PATCH] vncserver checks ~/.vnc/passwd when not needed and -TermOnLogout option
I am evaluating this. Please, in the future, send patches as attachments, as copying/pasting them usually introduces unwanted linefeeds that make the patch fail. DRC On 3/8/11 6:48 AM, Sebastiaan Breedveld wrote: > On 03/03/2011 01:18 PM, Adam Tkac wrote: >> On Thu, Mar 03, 2011 at 01:11:22PM +0100, Sebastiaan Breedveld wrote: >>> > 2) When using the VeNCrypt security type, the ~/.vnc/passwd is not > necessary, yet the user is asked to create one. Same when using the > securitytype none. The script now checks for the -SecurityType option > and checks wether VeNCrypt type or none is specified. (That is, I am in > the assumption that the VeNCrypt type does not use the vnc password.) You are right, vncserver script shouldn't create passwd file unless it is needed. passwd file is needed only when at least one of those types is specified (case insensitive): VncAuth or TLSVnc or X509Vnc By default server allows VncAuth and TLSVnc. Correct approach is: 1. if -SecurityTypes parameter is not specified, create .vnc/passwd 2. if -SecurityTypes contains at least one of three types specified above, create .vnc/passwd 3. otherwise don't create .vnc/passwd Note in 1. and 2. cases you need to pass -rfbauth parameter, otherwise Xvnc won't find password file. With this checks vncserver will create .vnc/passwd only when needed. >>> Ok, I was about to get this as well ;) In addition to the above: >>> 4. do not create .vnc/passwd if -Password, -PasswordFile or -rfbauth is >>> already given. >> Right you are, I forgot this case ;) >> >>> Thinking about -Password: is there any sane environment where this is >>> still used? >> If I remember correctly someone uses this option for one-time >> passwords in his TigerVNC server deployment. >> >> Regards, Adam >> > Ok, here is, at last, the patch for the vncserver script, which checks > the above. Maybe not the strongest piece of Perl, but it works ;) > > > --- vncserverorg2011-03-07 21:35:04.588985408 +0100 > +++ vncserver2011-03-08 13:46:03.0 +0100 > @@ -160,17 +160,57 @@ > } > } > > -# Make sure the user has a password. > +# Make sure the user has a password, if one needed > > -($z,$z,$mode) = stat("$vncUserDir/passwd"); > -if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { > -warn "\nYou will require a password to access your desktops.\n\n"; > -system($exedir."vncpasswd -q $vncUserDir/passwd"); > -if (($? >> 8) != 0) { > -exit 1; > +# Check the arguments to check if VncAuth or TLSVnc or X509Vnc > +# is used as SecurityType, if SecurityType is specified at all. > +# If a password option is given at the command line, trust this (i.e. > do not check for existence). > +$has_securitytype = 0; > +$has_vnclikeauth = 0; > +$has_pwdcmdline = 0; > + > +for ($i=0; $i<@ARGV; ++$i) { > +# Options can be given by space (-SecurityTypes VNCAuth) or by = > (-SecurityTypes=VNCAuth) > +my @splitargs = split('=', $ARGV[$i]); > +push(@splitargs, $ARGV[$i+1]); > + > +# Check for security types > +if (lc(@splitargs[0]) eq "-securitytypes") > +{ > +$has_securitytype = 1; > + > +foreach $arg2 (split(',', @splitargs[1])) > +{ > +if ((lc($arg2) eq "vncauth") || (lc($arg2) eq "tlsvnc") || > (lc($arg2) eq "x509vnc")) > +{ > +# Need password > +$has_vnclikeauth = 1; > +} > +} > +} > + > +# Check for Password, PasswordFile or rfbauth options > +if ((lc(@splitargs[0]) eq "-password") || (lc(@splitargs[0]) eq > "-passwordfile" || (lc(@splitargs[0]) eq "-rfbauth"))) > +{ > +$has_pwdcmdline = 1; > } > } > > +# Now do some logic, and set VNC Password if it does not already exists > +if ((!$has_securitytype || ($has_securitytype && $has_vnclikeauth)) && > !$has_pwdcmdline) > +{ > +$needvncpass = 1; > +($z,$z,$mode) = stat("$vncUserDir/passwd"); > +if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { > +warn "\nYou will require a password to access your desktops.\n\n"; > +system($exedir."vncpasswd -q $vncUserDir/passwd"); > +if (($? >> 8) != 0) { > +exit 1; > +} > +} > +} > + > + > # Find display number. > > if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { > > > > -- > What You Don't Know About Data Connectivity CAN Hurt You > This paper provides an overview of data connectivity, details > its effect on application quality, and explores various alternative > solutions. http://p.sf.net/sfu/progress-d2d > ___ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] Improvements for Windows installer
Never mind. I figured out the procedure for generating .lib files. I've tested the patch, and it works great, so I checked it into 1.1 and documented the procedure necessary to build with Visual C++. Windows is still suffering from the TLS refresh issue described earlier. It affects VirtualGL as well (you have to move the mouse to see the 3D application change frames.) I don't have the time to look into this at the moment, but IMHO, it should be fixed before we release 1.1 beta. I am looking at the vncserver script modifications submitted by Sebastiaan. Once that and the refresh issue are addressed, I will spin a new build. On 3/8/11 7:58 AM, Adam Tkac wrote: > Hello, > > I just finished little patch for Windows installer. With this patch it > is possible to create .exe installer for TigerVNC stuff built with > VC++ with GNUTLS support. Both winvnc and vncviewer can take advantage > of TLS encryption. > > What is your opinion about the patch? Is it ok for 1.1? > > Installer built with the patch is located on > http://atkac.fedorapeople.org/tigervnc/TigerVNC-1.0.90.exe > > Regards, Adam > > > > > -- > What You Don't Know About Data Connectivity CAN Hurt You > This paper provides an overview of data connectivity, details > its effect on application quality, and explores various alternative > solutions. http://p.sf.net/sfu/progress-d2d > > > > ___ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] r4338: undefined reference to `typeinfo for rfb::PixelTransformer'
On 03/08/2011 01:33 PM, Pierre Ossman wrote: > On Tue, 08 Mar 2011 13:00:41 -0500 > Antoine Martin wrote: > >> I've just tried to build trunk (r4338) and this is the error I got: >> >> undefined reference to `rfb::PixelTransformer::~PixelTransformer()' >> ../../common/rfb/.libs/librfb.a(librfb_la-TransImageGetter.o):(.data.rel.ro._ZTIN3rfb16TransImageGetterE[typeinfo >> for rfb::TransImageGetter]+0x18): undefined reference to `typeinfo for >> rfb::PixelTransformer' > My bad. I was in full CMake mode and completely forgot about autotools. > Please try again now. :) It's fine now, well, I'm back to the linker issues: /usr/bin/ld: ../../glx/.libs/libglx.a(glxdriswrast.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5' /usr/bin/ld: note: 'dlclose@@GLIBC_2.2.5' is defined in DSO //lib64/libdl.so.2 so try adding it to the linker command line //lib64/libdl.so.2: could not read symbols: Invalid operation collect2: ld returned 1 exit status make[3]: *** [Xvnc] Error 1 make[3]: Leaving directory `/usr/src/tigervnc-1.0.90-r4340/xorg/xserver/hw/vnc' Hopefully someone can tell me how to get past those... Cheers Antoine > Rgds -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [Tigervnc-commits] SF.net SVN: tigervnc:[4336] trunk
On 3/8/11 10:32 AM, ossm...@users.sourceforge.net wrote: > +# Compatibility variables for the migration from autotools > +add_definitions(-DPACKAGE_NAME="${CMAKE_PROJECT_NAME}") > +add_definitions(-DPACKAGE_VERSION="${VERSION}") > +add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_PREFIX}/share/locale") I think these should really go in config.h.cmake.in -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] Improvements for Windows installer
I looked at the enabled methods from the options window. Only None was set for encryption. I have had more than one installation of TigerVNC's WinVNC at this point so I can not be sure if it is a leftover setting or the actual default. This should have all three checked from what you just explained. Can anyone else confirm that is when is actually being setup when it is installed? Robert On 03/08/2011 01:06 PM, DRC wrote: The default behavior, assuming that both client and server were built with TLS support, is that VncAuth will be used by default, but TLSVnc can always be requested by the client, either from the command line or the GUI. If this isn't working, run Xvnc -? on the server and make sure that TLSVnc appears as an available security type. On 3/8/11 8:53 AM, Robert Goley wrote: One additional thing. It seems that TLS connections are disabled by default. Not sure if this is the real default or the result of using a build without TLS prior to this version. My understanding was that TLS would be enabled so that VncAuth was default and TLS was available if requested by the client. Is that the case? -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel -- Robert Goley FOSS Implementation Specialist Toll Free: (800) 338-4984 Local: (770) 479-7933 Fax: (770) 479-4076 www.openrda.com America's only Free & Open Source fund accounting software company. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] r4338: undefined reference to `typeinfo for rfb::PixelTransformer'
On Tue, 08 Mar 2011 13:00:41 -0500 Antoine Martin wrote: > I've just tried to build trunk (r4338) and this is the error I got: > > undefined reference to `rfb::PixelTransformer::~PixelTransformer()' > ../../common/rfb/.libs/librfb.a(librfb_la-TransImageGetter.o):(.data.rel.ro._ZTIN3rfb16TransImageGetterE[typeinfo > for rfb::TransImageGetter]+0x18): undefined reference to `typeinfo for > rfb::PixelTransformer' My bad. I was in full CMake mode and completely forgot about autotools. Please try again now. :) Rgds -- Pierre OssmanOpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio ABWeb: http://www.cendio.com signature.asc Description: PGP signature -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] Improvements for Windows installer
The default behavior, assuming that both client and server were built with TLS support, is that VncAuth will be used by default, but TLSVnc can always be requested by the client, either from the command line or the GUI. If this isn't working, run Xvnc -? on the server and make sure that TLSVnc appears as an available security type. On 3/8/11 8:53 AM, Robert Goley wrote: > One additional thing. It seems that TLS connections are disabled by > default. Not sure if this is the real default or the result of using a > build without TLS prior to this version. My understanding was that TLS > would be enabled so that VncAuth was default and TLS was available if > requested by the client. Is that the case? -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
[Tigervnc-devel] r4338: undefined reference to `typeinfo for rfb::PixelTransformer'
I've just tried to build trunk (r4338) and this is the error I got: /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:41: undefined reference to `rfb::PixelTransformer::~PixelTransformer()' /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:41: undefined reference to `rfb::PixelTransformer::~PixelTransformer()' /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:41: undefined reference to `rfb::PixelTransformer::~PixelTransformer()' ../../common/rfb/.libs/librfb.a(librfb_la-TransImageGetter.o): In function `TransImageGetter': /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:35: undefined reference to `rfb::PixelTransformer::PixelTransformer(bool)' /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:37: undefined reference to `rfb::PixelTransformer::~PixelTransformer()' /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:35: undefined reference to `rfb::PixelTransformer::PixelTransformer(bool)' /usr/src/tigervnc-1.0.90-r4338/common/rfb/TransImageGetter.cxx:37: undefined reference to `rfb::PixelTransformer::~PixelTransformer()' ../../common/rfb/.libs/librfb.a(librfb_la-TransImageGetter.o):(.data.rel.ro._ZTIN3rfb16TransImageGetterE[typeinfo for rfb::TransImageGetter]+0x18): undefined reference to `typeinfo for rfb::PixelTransformer' collect2: ld returned 1 exit status make[3]: *** [x0vncserver] Error 1 make[3]: Leaving directory `/usr/src/tigervnc-1.0.90-r4338/unix/x0vncserver' -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] Improvements for Windows installer
I don't see any problems with the patch, but how are you creating the Visual Studio .lib files? I'll need to document that process. On 3/8/11 7:58 AM, Adam Tkac wrote: > Hello, > > I just finished little patch for Windows installer. With this patch it > is possible to create .exe installer for TigerVNC stuff built with > VC++ with GNUTLS support. Both winvnc and vncviewer can take advantage > of TLS encryption. > > What is your opinion about the patch? Is it ok for 1.1? > > Installer built with the patch is located on > http://atkac.fedorapeople.org/tigervnc/TigerVNC-1.0.90.exe > > Regards, Adam > > > > > -- > What You Don't Know About Data Connectivity CAN Hurt You > This paper provides an overview of data connectivity, details > its effect on application quality, and explores various alternative > solutions. http://p.sf.net/sfu/progress-d2d > > > > ___ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [Tigervnc-commits] SF.net SVN: tigervnc:[4323] trunk/CMakeLists.txt
On 3/8/11 7:24 AM, Pierre Ossman wrote: > /usr/x86_64-w64-mingw32/sys-root/mingw/include/shlobj.h:14:2: error: #error > _WIN32_IE setting conflicts > In file included from > /usr/x86_64-w64-mingw32/sys-root/mingw/include/shlobj.h:88, > from /home/ossman/devel/tigervnc/clean/common/os/os.cxx:36: > /usr/x86_64-w64-mingw32/sys-root/mingw/include/shlguid.h:13:2: error: #error > _WIN32_IE setting conflicts > make[2]: *** [common/os/CMakeFiles/os.dir/os.cxx.obj] Error 1 > make[1]: *** [common/os/CMakeFiles/os.dir/all] Error 2 > make: *** [all] Error 2 > > And looking in shlobj.h: > > #ifndef _WINRESRC_ > #ifndef _WIN32_IE > #define _WIN32_IE 0x0501 > #else > #if (_WIN32_IE < 0x0501) > #error _WIN32_IE setting conflicts > #endif > #endif > #endif My installation of MinGW64 doesn't do that. It must be a recent addition. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [Tigervnc-commits] SF.net SVN: tigervnc:[4317] trunk
On 3/8/11 6:06 AM, Pierre Ossman wrote: > Well, we've tried the dual build system approach in the past and it > didn't really work. As far as I'm concerned we have two options on the > table; going on ahead with using CMake for everything and dealing with > the fallout, or scrapping CMake and going back to autotools. The dual build system works fine in my mind. It was only Cendio that ever objected to it, and it seemed to be largely on philosophical grounds. We haven't eliminated autotools. We still have to use it to build the X server, and we always will. However, I'm not going to argue anymore about this, because that also takes up time that I don't have. I can't break away from paying work right now to go and dedicate another 30 or 40 hours to testing and tweaking the build tools, particularly given that someone will probably break them again long before 1.2, requiring a re-test. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
[Tigervnc-devel] CMake for Unix
trunk now has something that can build the unix stuff. There's still some cleanup that needs to be done, but please start testing and see what breaks and what's missing. Tests of Windows builds are also needed, mainly using Microsofts tools. -- Pierre OssmanOpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio ABWeb: http://www.cendio.com A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? signature.asc Description: PGP signature -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] Improvements for Windows installer
One additional thing. It seems that TLS connections are disabled by default. Not sure if this is the real default or the result of using a build without TLS prior to this version. My understanding was that TLS would be enabled so that VncAuth was default and TLS was available if requested by the client. Is that the case? Robert On 03/08/2011 08:58 AM, Adam Tkac wrote: Hello, I just finished little patch for Windows installer. With this patch it is possible to create .exe installer for TigerVNC stuff built with VC++ with GNUTLS support. Both winvnc and vncviewer can take advantage of TLS encryption. What is your opinion about the patch? Is it ok for 1.1? Installer built with the patch is located on http://atkac.fedorapeople.org/tigervnc/TigerVNC-1.0.90.exe Regards, Adam -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel -- Robert Goley FOSS Implementation Specialist Toll Free: (800) 338-4984 Local: (770) 479-7933 Fax: (770) 479-4076 www.openrda.com America's only Free & Open Source fund accounting software company. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] Improvements for Windows installer
Thanks Adam for fixing the download permissions. I was able to download it and install it. First question is whether compiling it with debug mode is the reason for the service to leave a console window up. You can't close that console without closing the service. I hope the final will not be compiled with the console subsystem options... The second is an ongoing annoyance. The options screen has fonts that are too large for the screen space provided. I have my fonts set to normal and I can not see all of the text because it and other widgets go off the edge of the window. The fonts on the tabs are great. The fonts inside the tabs are much larger and bold. If the tabs are size 8 then they are size 12 inside the tabs. Is anyone else having this issue? I could deal with it if the Options window were at least stretchable but it is not... I will report more on TLS usage sometime later today. Robert On 03/08/2011 08:58 AM, Adam Tkac wrote: Hello, I just finished little patch for Windows installer. With this patch it is possible to create .exe installer for TigerVNC stuff built with VC++ with GNUTLS support. Both winvnc and vncviewer can take advantage of TLS encryption. What is your opinion about the patch? Is it ok for 1.1? Installer built with the patch is located on http://atkac.fedorapeople.org/tigervnc/TigerVNC-1.0.90.exe Regards, Adam -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel -- Robert Goley FOSS Implementation Specialist Toll Free: (800) 338-4984 Local: (770) 479-7933 Fax: (770) 479-4076 www.openrda.com America's only Free & Open Source fund accounting software company. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
[Tigervnc-devel] Improvements for Windows installer
Hello, I just finished little patch for Windows installer. With this patch it is possible to create .exe installer for TigerVNC stuff built with VC++ with GNUTLS support. Both winvnc and vncviewer can take advantage of TLS encryption. What is your opinion about the patch? Is it ok for 1.1? Installer built with the patch is located on http://atkac.fedorapeople.org/tigervnc/TigerVNC-1.0.90.exe Regards, Adam -- Adam Tkac, Red Hat, Inc. Index: branches/1_1/win/tigervnc.iss.in === --- branches/1_1/win/tigervnc.iss.in(revision 4319) +++ branches/1_1/win/tigervnc.iss.in(working copy) @@ -27,6 +27,12 @@ Source: "@CMAKE_CURRENT_BINARY_DIR@\win\vncviewer\{#BUILD_DIR}vncviewer.exe"; DestDir: "{app}"; Flags: ignoreversion restartreplace; Source: "@CMAKE_SOURCE_DIR@\win\README_BINARY.txt"; DestDir: "{app}"; Flags: ignoreversion Source: "@CMAKE_SOURCE_DIR@\LICENCE.txt"; DestDir: "{app}"; Flags: ignoreversion +#ifdef HAVE_GNUTLS +Source: "@GNUTLS_INCLUDE_DIRS@\..\bin\libgnutls-*.dll"; DestDir: "{app}"; Flags: ignoreversion +Source: "@GNUTLS_INCLUDE_DIRS@\..\bin\libgcrypt-*.dll"; DestDir: "{app}"; Flags: ignoreversion +Source: "@GNUTLS_INCLUDE_DIRS@\..\bin\libtasn1-*.dll"; DestDir: "{app}"; Flags: ignoreversion +Source: "@GNUTLS_INCLUDE_DIRS@\..\bin\libgpg-error-*.dll"; DestDir: "{app}"; Flags: ignoreversion +#endif [Icons] Index: branches/1_1/CMakeLists.txt === --- branches/1_1/CMakeLists.txt (revision 4319) +++ branches/1_1/CMakeLists.txt (working copy) @@ -142,6 +142,10 @@ set(INST_DEPS ${INST_DEPS} winvnc4 wm_hooks vncconfig) endif() +if(GNUTLS_FOUND) + set(INST_DEFS ${INST_DEFS} -DHAVE_GNUTLS) +endif() + configure_file(win/tigervnc.iss.in tigervnc.iss) add_custom_target(installer -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [Tigervnc-commits] SF.net SVN: tigervnc:[4323] trunk/CMakeLists.txt
On Fri, 04 Mar 2011 09:39:36 -0600 DRC wrote: > I'm really quite distressed at all of these modifications, because I > spent quite a bit of time making sure that the CMake build system for > Windows worked well on MinGW + GMake, MinGW64 + GMake, Visual C++ 32-bit > and 64-bit + NMake, Visual C++ 32-bit + Visual Studio IDE, and MinGW > cross-compiled on Linux. This is what I said earlier when we were > discussing whether to merge the Unix build into CMake-- the CMake system > is somewhat fragile. It works exactly as I designed it, but every piece > of code in there is in there for a reason. Well, if it's fragile then those issues should be fully documented. Otherwise there is no way to move forward with it without breaking things. And a build system we cannot modify is a build system we cannot use. > It should not be necessary to specify a minimum platform of Windows XP. > Please describe the exact build problem you are having which inspired > this patch. /usr/x86_64-w64-mingw32/sys-root/mingw/include/shlobj.h:14:2: error: #error _WIN32_IE setting conflicts In file included from /usr/x86_64-w64-mingw32/sys-root/mingw/include/shlobj.h:88, from /home/ossman/devel/tigervnc/clean/common/os/os.cxx:36: /usr/x86_64-w64-mingw32/sys-root/mingw/include/shlguid.h:13:2: error: #error _WIN32_IE setting conflicts make[2]: *** [common/os/CMakeFiles/os.dir/os.cxx.obj] Error 1 make[1]: *** [common/os/CMakeFiles/os.dir/all] Error 2 make: *** [all] Error 2 And looking in shlobj.h: #ifndef _WINRESRC_ #ifndef _WIN32_IE #define _WIN32_IE 0x0501 #else #if (_WIN32_IE < 0x0501) #error _WIN32_IE setting conflicts #endif #endif #endif Rgds -- Pierre OssmanOpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio ABWeb: http://www.cendio.com A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? signature.asc Description: PGP signature -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [PATCH] vncserver checks ~/.vnc/passwd when not needed and -TermOnLogout option
On 03/03/2011 01:18 PM, Adam Tkac wrote: > On Thu, Mar 03, 2011 at 01:11:22PM +0100, Sebastiaan Breedveld wrote: >> > 2) When using the VeNCrypt security type, the ~/.vnc/passwd is not necessary, yet the user is asked to create one. Same when using the securitytype none. The script now checks for the -SecurityType option and checks wether VeNCrypt type or none is specified. (That is, I am in the assumption that the VeNCrypt type does not use the vnc password.) >>> You are right, vncserver script shouldn't create passwd file unless >>> it is needed. >>> >>> passwd file is needed only when at least one of those types is >>> specified (case insensitive): >>> >>> VncAuth or TLSVnc or X509Vnc >>> >>> By default server allows VncAuth and TLSVnc. >>> >>> Correct approach is: >>> 1. if -SecurityTypes parameter is not specified, create .vnc/passwd >>> 2. if -SecurityTypes contains at least one of three types specified >>> above, create .vnc/passwd >>> 3. otherwise don't create .vnc/passwd >>> >>> Note in 1. and 2. cases you need to pass -rfbauth parameter, otherwise >>> Xvnc won't find password file. >>> >>> With this checks vncserver will create .vnc/passwd only when needed. >>> >>> >> Ok, I was about to get this as well ;) In addition to the above: >> 4. do not create .vnc/passwd if -Password, -PasswordFile or -rfbauth is >> already given. > Right you are, I forgot this case ;) > >> Thinking about -Password: is there any sane environment where this is >> still used? > If I remember correctly someone uses this option for one-time > passwords in his TigerVNC server deployment. > > Regards, Adam > Ok, here is, at last, the patch for the vncserver script, which checks the above. Maybe not the strongest piece of Perl, but it works ;) --- vncserverorg2011-03-07 21:35:04.588985408 +0100 +++ vncserver2011-03-08 13:46:03.0 +0100 @@ -160,17 +160,57 @@ } } -# Make sure the user has a password. +# Make sure the user has a password, if one needed -($z,$z,$mode) = stat("$vncUserDir/passwd"); -if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { -warn "\nYou will require a password to access your desktops.\n\n"; -system($exedir."vncpasswd -q $vncUserDir/passwd"); -if (($? >> 8) != 0) { -exit 1; +# Check the arguments to check if VncAuth or TLSVnc or X509Vnc +# is used as SecurityType, if SecurityType is specified at all. +# If a password option is given at the command line, trust this (i.e. do not check for existence). +$has_securitytype = 0; +$has_vnclikeauth = 0; +$has_pwdcmdline = 0; + +for ($i=0; $i<@ARGV; ++$i) { +# Options can be given by space (-SecurityTypes VNCAuth) or by = (-SecurityTypes=VNCAuth) +my @splitargs = split('=', $ARGV[$i]); +push(@splitargs, $ARGV[$i+1]); + +# Check for security types +if (lc(@splitargs[0]) eq "-securitytypes") +{ +$has_securitytype = 1; + +foreach $arg2 (split(',', @splitargs[1])) +{ +if ((lc($arg2) eq "vncauth") || (lc($arg2) eq "tlsvnc") || (lc($arg2) eq "x509vnc")) +{ +# Need password +$has_vnclikeauth = 1; +} +} +} + +# Check for Password, PasswordFile or rfbauth options +if ((lc(@splitargs[0]) eq "-password") || (lc(@splitargs[0]) eq "-passwordfile" || (lc(@splitargs[0]) eq "-rfbauth"))) +{ +$has_pwdcmdline = 1; } } +# Now do some logic, and set VNC Password if it does not already exists +if ((!$has_securitytype || ($has_securitytype && $has_vnclikeauth)) && !$has_pwdcmdline) +{ +$needvncpass = 1; +($z,$z,$mode) = stat("$vncUserDir/passwd"); +if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { +warn "\nYou will require a password to access your desktops.\n\n"; +system($exedir."vncpasswd -q $vncUserDir/passwd"); +if (($? >> 8) != 0) { +exit 1; +} +} +} + + # Find display number. if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [Tigervnc-commits] SF.net SVN: tigervnc:[4317] trunk
On Tue, Mar 08, 2011 at 01:06:03PM +0100, Pierre Ossman wrote: > On Fri, 04 Mar 2011 17:35:45 -0600 > DRC wrote: > > > It is what it is. My position has always been that integrating > > everything under CMake would be a tricky process requiring potentially > > hundreds of hours to get exactly right on all the platforms we care > > about, and the resulting system would likely be more fragile than the > > autotools build system. This is why I advocated keeping the Unix build > > system separate. > > Well, we've tried the dual build system approach in the past and it > didn't really work. As far as I'm concerned we have two options on the > table; going on ahead with using CMake for everything and dealing with > the fallout, or scrapping CMake and going back to autotools. +1 for CMake-only buildsys even if development on it might sometimes break buildsystem on certain platforms. If it happens it should be reported same way as DRC did it in the MinGW case. > > The bulk of the time I spent on doing the Windows > > CMake build system was spent regression testing, and there is no > > substitute for that. I consider the odds quite high that any major > > change made in the future to the CMake build system will break at least > > one configuration we care about. CMake has some very esoteric > > behaviors, and it's been my experience that often things just simply do > > not work as documented, so a good percentage of our CMake code is there > > because it was needed to work around something in CMake that was broken. > > I have no doubt that all the changes planned will break things > somewhere. That's why I'm trying to get most of the changes in now so > that we have a lot of time to find any problems. :) Proverb "You can't make an omelet without breaking eggs" is annoying but is also right. Regards, Adam -- Adam Tkac, Red Hat, Inc. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] [Tigervnc-commits] SF.net SVN: tigervnc:[4317] trunk
On Fri, 04 Mar 2011 17:35:45 -0600 DRC wrote: > It is what it is. My position has always been that integrating > everything under CMake would be a tricky process requiring potentially > hundreds of hours to get exactly right on all the platforms we care > about, and the resulting system would likely be more fragile than the > autotools build system. This is why I advocated keeping the Unix build > system separate. Well, we've tried the dual build system approach in the past and it didn't really work. As far as I'm concerned we have two options on the table; going on ahead with using CMake for everything and dealing with the fallout, or scrapping CMake and going back to autotools. > The bulk of the time I spent on doing the Windows > CMake build system was spent regression testing, and there is no > substitute for that. I consider the odds quite high that any major > change made in the future to the CMake build system will break at least > one configuration we care about. CMake has some very esoteric > behaviors, and it's been my experience that often things just simply do > not work as documented, so a good percentage of our CMake code is there > because it was needed to work around something in CMake that was broken. I have no doubt that all the changes planned will break things somewhere. That's why I'm trying to get most of the changes in now so that we have a lot of time to find any problems. :) > I can't specifically recall why I used both CMAKE_CL_64 and > CMAKE_SIZEOF_VOID_P, but I have a nagging feeling that it was to work > around something. I would not change that without verifying that it > doesn't break one of the configurations. Part of the trickiness on > Windows comes from the fact that CMake has to be able to generate Visual > Studio projects, and when you are generating a Visual Studio project, > the compiler may or may not be accessible from the command line on which > you are running CMake. I suspect that this is why CMAKE_CL_64 is there. > CMAKE_SIZEOF_VOID_P has to run the compiler, whereas CMAKE_CL_64 > perhaps can detect whether you are using a 64-bit environment in the > Visual Studio IDE. I am not certain of that, however. > I think we have to assume that we have access to the compiler. Otherwise the use of CMake (or any general build system) becomes rather pointless as we cannot test for features and bugs. At that point we might as well check in Visual Studio project files. As for the matter at hand, I don't like having magic in the build system that we do not know why it's there. I'll commit a change to VOID_P and we'll see if and how it breaks the build. Then we can at least document why we need the hack. Rgds -- Pierre OssmanOpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio ABWeb: http://www.cendio.com A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? signature.asc Description: PGP signature -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
Re: [Tigervnc-devel] autorepeat still not working?
On Fri, Mar 04, 2011 at 03:38:13PM +0100, Tim Ooms wrote: > Just thought of something: > it may be because I am using X.Org X Server 1.6.5 and not the 1.7 like > mentioned in the bug fixed report... I'll try to use 1.7, but I'm not > sure I will be able to do it. Xvnc based on the X.Org server 1.5.3 is probably the reason why this bug is still present... Will inspect it. Regards, Adam > On 04/03/11 15:33, Robert Goley wrote: > >I am still getting the same result as well. I am using Debian Lenny with > > Windows XP. Both are using DRC's binaries. > > > > Robert > > > > > > On 03/04/2011 05:36 AM, Tim Ooms wrote: > >> Hi, > >> > >> I just installed the pre-beta and it looks like the autorepeat (Bug > >> Tracker item #3036098) is still not working with tigervnc Xvnc linux > >> server and tigervnc windows client. > >> > >> When I try to use the autorepeat this appears in the logs (just like the > >> original bug report) > >> [mi] mieqEnequeue: out-of-order valuator event; dropping. > >> > > > > -- > > *Robert Goley* > > > > FOSS Implementation Specialist > > Toll Free: (800) 338-4984 > > Local: (770) 479-7933 > > Fax: (770) 479-4076 > > www.openrda.com > > > > /America's only Free& Open Source fund accounting software company./ > > > > > > > > -- > > What You Don't Know About Data Connectivity CAN Hurt You > > This paper provides an overview of data connectivity, details > > its effect on application quality, and explores various alternative > > solutions. http://p.sf.net/sfu/progress-d2d > > > > > > > > ___ > > Tigervnc-devel mailing list > > Tigervnc-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel > > > -- > What You Don't Know About Data Connectivity CAN Hurt You > This paper provides an overview of data connectivity, details > its effect on application quality, and explores various alternative > solutions. http://p.sf.net/sfu/progress-d2d > ___ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel -- Adam Tkac, Red Hat, Inc. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel