Merge branch 'bugfix/KASM-3196_clip_0.9.3.2_hotfix' into 'release/0.9.3.1'

# Conflicts:
#   .gitmodules

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "kasmweb"]
 	path = kasmweb
 	url = https://github.com/kasmtech/noVNC.git
-	branch = innovation/session_recording
+	branch = bugfix/KASM-3196_clip_0.9.3.2_hotfix 

README.md

@@ -8,10 +8,6 @@
   - Security - The RFB specification (VNC) limits the password field to 8 characters, so while the client may take a longer password, only the first 8 characters are sent. KasmVNC defaults to HTTPS with HTTP Basic Auth and disables the legacy VNC authentication method which is not sufficiently secure for internet accessible systems.
   - Simplicity - KasmVNC aims at being simple to deploy and configure.
 
-# Releases
-
-Since this is a fast evolving project, the documents on the tip of master are chaning rapidly and will not match releases. Be sure to use the README and other documentation from the release branch that matches the version of KasmVNC you are using. Do not use the README from the master branch, unless you are compiling KasmVNC yourself from the tip of master. All releases starting at 0.9.3 have a branch named in the format 'release/0.9.3', for example. 
-
 # New Features!
 
   - Webp image compression for better bandwidth usage
@@ -20,7 +16,6 @@ Since this is a fast evolving project, the documents on the tip of master are ch
   - [Full screen video detection](https://github.com/kasmtech/KasmVNC/wiki/Video-Rendering-Options#video-mode), goes into configurable video mode for better full screen videoo playback performance.
   - [Dynamic jpeg/webp image coompression](https://github.com/kasmtech/KasmVNC/wiki/Video-Rendering-Options#dynamic-image-quality) quality settings based on screen change rates
   - Seemless clipboard support (on Chromium based browsers)
-  - Binary clipboard support for text, images, and formatted text (on Chromium based browsers)
   - Allow client to set/change most configuration settings
   - [Data Loss Prevention features](https://github.com/kasmtech/KasmVNC/wiki/Data-Loss-Prevention)
     - Key stroke logging
@@ -30,20 +25,17 @@ Since this is a fast evolving project, the documents on the tip of master are ch
     - Keyboard input rate limit
     - Screen region selection
   - Deb packages for Debian, Ubuntu, and Kali Linux included in release.
-  - RPM packages for CentOS, Oracle, OpenSUSE, Fedora. RPM packages are currently not updatable and not released, though you can build and install them. See build documentation.
+  - RPM packages for CentOS, Fedora. RPM packages are currently not updatable and not released, though you can build and install them. See build documentation.
   - Web [API](https://github.com/kasmtech/KasmVNC/wiki/API) added for remotely controlling and getting information from KasmVNC
-  - Multi-User support with permissions that can be changed via the API
+  - Multi-User with ability to pass control to other users.
   - Web UI uses a webpack for faster load times.
   - Network and CPU bottleneck statistics
-  - Relative cursor support (game pointer mode)
-  - Cursor lock
-  - IME support for languages with extended characters
-  - Better mobile support
+
 
 Future Goals:
 
-  - UDP transport for faster frame rates
-  - H264 encoding
+  - Support uploads and downloads
+  - Pre-build Packages for all major Linux distributions
 
 ### Installation
 
@@ -66,9 +58,6 @@ sudo ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/b
 sudo addgroup $USER ssl-cert
 # You will need to re-connect in order to pick up the group change
 
-# Create a KasmVNC user able to use keyboard and mouse:
-vncpasswd -u $USER -w
-
 # Create ~/.vnc directory and corresponding files.
 kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill
 

builder/build.sh

@@ -1,4 +1,6 @@
-#!/bin/sh -e
+#!/bin/bash
+
+set -e
 
 detect_quilt() {
   if which quilt 1>/dev/null; then
@@ -13,11 +15,30 @@ ensure_crashpad_can_fetch_line_number_by_address() {
   fi
 }
 
+fail_on_gcc_12() {
+  if [[ -n "$CC" && -n "$CXX" ]]; then
+    return;
+  fi
+
+  if gcc --version | head -1 | grep -q 12; then
+    cat >&2 <<EOF
+
+Error: gcc 12 detected. It has a bug causing the build to fail because of a
+-Warray-bounds bug. Please use gcc 11 in the build Dockerfile:
+ENV CC=gcc-11
+ENV CXX=g++-11
+RUN <install gcc 11>
+EOF
+  exit 1
+  fi
+}
+
 # For build-dep to work, the apt sources need to have the source server
 #sudo apt-get build-dep xorg-server
 
 #sudo apt-get install cmake git libjpeg-dev libgnutls-dev
 
+fail_on_gcc_12
 # Ubuntu applies a million patches, but here we use upstream to simplify matters
 cd /tmp
 # default to the version of x in Ubuntu 18.04, otherwise caller will need to specify
@@ -36,8 +57,7 @@ sed -i -e '/find_package(FLTK/s@^@#@' \
 	-e '/add_subdirectory(tests/s@^@#@' \
 	CMakeLists.txt
 
-cmake -D CMAKE_BUILD_TYPE=RelWithDebInfo . -DBUILD_VIEWER:BOOL=OFF \
-  -DENABLE_GNUTLS:BOOL=OFF
+cmake -D CMAKE_BUILD_TYPE=RelWithDebInfo . -DBUILD_VIEWER:BOOL=OFF
 make -j5
 
 tar -C unix/xserver -xf /tmp/xorg-server-${XORG_VER}.tar.bz2 --strip-components=1
@@ -66,7 +86,6 @@ fi
 	--with-xkb-output=/var/lib/xkb \
 	--with-xkb-bin-directory=/usr/bin \
 	--with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins" \
-  --with-sha1=libcrypto \
 	--without-dtrace --disable-dri \
         --disable-static \
 	--disable-xinerama --disable-xvfb --disable-xnest --disable-xorg \

builder/dockerfile.kali_kali-rolling.build

@@ -4,6 +4,8 @@ ENV KASMVNC_BUILD_OS kali
 ENV KASMVNC_BUILD_OS_CODENAME kali-rolling
 ENV XORG_VER 1.20.10
 ENV DEBIAN_FRONTEND noninteractive
+ENV CC=gcc-11
+ENV CXX=g++-11
 
 RUN grep '^deb'  /etc/apt/sources.list | sed 's#^deb#deb-src#' >> /etc/apt/sources.list
 
@@ -12,6 +14,7 @@ RUN apt-get update && \
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
+RUN apt-get update && apt-get -y install gcc-11 g++-11
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
 
@@ -20,7 +23,7 @@ RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/rel
 RUN cd /tmp && tar -xzf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
     ./configure --enable-static --disable-shared && \
-    make && make install
+    make -j$(nproc) && make install
 
 RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
 

builder/dockerfile.opensuse_15.barebones.rpm.test

@@ -9,8 +9,10 @@ RUN zypper -n install -y \
 # deps and rpm install
 RUN zypper -n install -y \
   libglvnd \
+  libgnutls30 \
   libgomp1 \
   libjpeg8 \
+  libnettle6 \
   libpixman-1-0 \
   libXdmcp6 \
   libXfont2-2 \
@@ -34,4 +36,4 @@ USER foo:kasmvnc-cert
 RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \
   chmod +x ~/.vnc/xstartup
 
-ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "
+ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 6901 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "

builder/dockerfile.ubuntu_focal.build

@@ -12,7 +12,7 @@ RUN apt-get update && \
 
 RUN apt-get update && apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
-RUN apt-get update && apt-get -y install cmake git libjpeg-dev vim wget
+RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
 
 # Additions for webp

common/network/websocket.c

@@ -45,6 +45,7 @@ int ssl_initialized = 0;
 int pipe_error = 0;
 settings_t settings;
 
+extern int wakeuppipe[2];
 
 void traffic(const char * token) {
     /*if ((settings.verbose) && (! settings.daemon)) {
@@ -1083,6 +1084,9 @@ static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * cons
         free(set->entries);
         free(set);
 
+        //force full frame to all users with at least read
+        write(wakeuppipe[1], "", 1);
+
         sprintf(buf, "HTTP/1.1 200 OK\r\n"
                  "Server: KasmVNC/4.0\r\n"
                  "Connection: close\r\n"
@@ -1172,6 +1176,9 @@ static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in, const char * cons
             }
         }
 
+        //force full frame to all users with at least read
+        write(wakeuppipe[1], "", 1);
+
         free(set->entries);
         free(set);
 
@@ -1312,7 +1319,7 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
         }
     } else entry("/api/create_user") {
         char decname[1024] = "", decpw[1024] = "";
-        uint8_t read = 0, write = 0, owner = 0;
+        uint8_t read_p = 0, write_p = 0, owner_p = 0;
 
         param = parse_get(args, "name", &len);
         if (len) {
@@ -1337,29 +1344,32 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
         param = parse_get(args, "read", &len);
         if (len && isalpha(param[0])) {
             if (!strncmp(param, "true", len))
-                read = 1;
+                read_p = 1;
         }
 
         param = parse_get(args, "write", &len);
         if (len && isalpha(param[0])) {
             if (!strncmp(param, "true", len))
-                write = 1;
+                write_p = 1;
         }
 
         param = parse_get(args, "owner", &len);
         if (len && isalpha(param[0])) {
             if (!strncmp(param, "true", len))
-                owner = 1;
+                owner_p = 1;
         }
 
         if (!decname[0] || !decpw[0])
             goto nope;
 
-        if (!settings.adduserCb(settings.messager, decname, decpw, read, write, owner)) {
+        if (!settings.adduserCb(settings.messager, decname, decpw, read_p, write_p, owner_p)) {
             handler_msg("Invalid params to create_user\n");
             goto nope;
         }
 
+        //force full frame to all users with at least read
+        write(wakeuppipe[1], "", 1);
+
         sprintf(buf, "HTTP/1.1 200 OK\r\n"
                  "Server: KasmVNC/4.0\r\n"
                  "Connection: close\r\n"
@@ -1412,8 +1422,8 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
 
         if (!decname[0])
             goto nope;
-
-	uint64_t mask = 0;
+            
+        uint64_t mask = 0;
         uint8_t myread = 0;
         param = parse_get(args, "read", &len);
         if (len && isalpha(param[0])) {
@@ -1444,6 +1454,9 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
             goto nope;
         }
 
+        //force full frame to all users with at least read
+        write(wakeuppipe[1], "", 1);
+
         sprintf(buf, "HTTP/1.1 200 OK\r\n"
                  "Server: KasmVNC/4.0\r\n"
                  "Connection: close\r\n"

common/rfb/VNCSConnectionST.cxx

@@ -76,7 +76,7 @@ VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
   kasmpasswdpath[0] = '\0';
   wordexp_t wexp;
   if (!wordexp(rfb::Server::kasmPasswordFile, &wexp, WRDE_NOCMD))
-    strncpy(kasmpasswdpath, wexp.we_wordv[0], 4096);
+    strncpy(kasmpasswdpath, wexp.we_wordv[0], 4095);
   kasmpasswdpath[4095] = '\0';
   wordfree(&wexp);
 

common/rfb/VNCServerST.cxx

@@ -1181,3 +1181,13 @@ void VNCServerST::handleClipboardAnnounceBinary(VNCSConnectionST* client,
   clipboardClient = client;
   desktop->handleClipboardAnnounceBinary(num, mimes);
 }
+
+void VNCServerST::refreshClients()
+{
+  add_changed(pb->getRect());
+
+  std::list<VNCSConnectionST*>::iterator i;
+  for (i = clients.begin(); i != clients.end(); i++) {
+    (*i)->add_changed_all();
+  }
+}

common/rfb/VNCServerST.h

@@ -43,7 +43,6 @@ namespace rfb {
   class ListConnInfo;
   class PixelBuffer;
   class KeyRemapper;
-  class network::GetAPIMessager;
 
   class VNCServerST : public VNCServer,
                       public Timer::Callback,
@@ -198,6 +197,8 @@ namespace rfb {
     void handleClipboardAnnounceBinary(VNCSConnectionST* client, const unsigned num,
                                        const char mimes[][32]);
 
+    void refreshClients();
+
   protected:
 
     friend class VNCSConnectionST;

opensuse/kasmvncserver.spec

@@ -7,7 +7,7 @@ License: GPLv2+
 URL: https://github.com/kasmtech/KasmVNC
 
 BuildRequires: rsync
-Requires: xauth, libxkbcommon-x11-0, xkeyboard-config, x11-tools, openssl, perl, libpixman-1-0, libjpeg8, libgomp1, libXfont2-2, libXdmcp6, libglvnd, xkbcomp
+Requires: xauth, libxkbcommon-x11-0, xkeyboard-config, x11-tools, openssl, perl, libpixman-1-0, libnettle6, libjpeg8, libgomp1, libgnutls30, libXfont2-2, libXdmcp6, libglvnd, xkbcomp
 Conflicts: tigervnc, tigervnc-x11vnc
 
 %description

unix/kasmvncpasswd/kasmvncpasswd.c

@@ -33,15 +33,14 @@
 
 static void usage(const char *prog)
 {
-  fprintf(stderr, "Usage: %s -u username [-wnod] [password_file]\n"
+  fprintf(stderr, "Usage: %s -u username [-wnod] [file]\n"
                   "-r	Read permission\n"
                   "-w	Write permission\n"
                   "-o	Owner\n"
                   "-n	Don't change password, change permissions only\n"
                   "-d	Delete this user\n"
                   "\n"
-                  "The password file is updated atomically.\n"
-                  "For more information, run \"man vncpasswd\".\n\n"
+                  "The file is updated atomically.\n\n"
                   "To pass the password via a pipe, use\n"
                   "echo -e \"password\\npassword\\n\" | %s [-args]\n",
                   prog, prog);

unix/vncserver

@@ -281,7 +281,7 @@ $kasmAuthEnabled = 1;
 
 if ($kasmAuthEnabled) {
     if (!(-e "$ENV{HOME}/.kasmpasswd")) {
-        warn "\nYou need to create a KasmVNC user to access your desktops.\n\n";
+        warn "\nYou will require a password to access your desktops.\n\n";
         system($exedir."kasmvncpasswd $ENV{HOME}/.kasmpasswd");
         if (($? >> 8) != 0) {
             exit 1;

unix/xserver/hw/vnc/XserverDesktop.cc

@@ -49,6 +49,8 @@
 
 extern "C" {
 void vncSetGlueContext(int screenIndex);
+
+extern int wakeuppipe[2];
 }
 
 using namespace rfb;
@@ -307,6 +309,13 @@ void XserverDesktop::handleSocketEvent(int fd, bool read, bool write)
 {
   try {
     if (read) {
+      if (fd == wakeuppipe[0]) {
+        unsigned char buf;
+        while (::read(fd, &buf, 1) > 0);
+        server->refreshClients();
+        return;
+      }
+
       if (handleListenerEvent(fd, &listeners, server))
         return;
     }

unix/xserver/hw/vnc/vncExtInit.cc

@@ -17,8 +17,10 @@
  * USA.
  */
 
+#include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
+#include <unistd.h>
 #include <errno.h>
 
 #include <set>
@@ -49,6 +51,8 @@
 
 extern "C" {
 void vncSetGlueContext(int screenIndex);
+
+int wakeuppipe[2];
 }
 
 using namespace rfb;
@@ -225,6 +229,11 @@ void vncExtensionInit(void)
           dummyY < 16)
           vncFatalError("Invalid value to %s", Server::maxVideoResolution.getName());
 
+      pipe(wakeuppipe);
+      const int flags = fcntl(wakeuppipe[0], F_GETFL, 0);
+      fcntl(wakeuppipe[0], F_SETFL, flags | O_NONBLOCK);
+      vncSetNotifyFd(wakeuppipe[0], 0, true, false);
+
       initialised = true;
     }