Specs: improve spec runner

Specs: extract spec_helper.py
Specs: improve run-specs(1)
2021-12-07 20:57:34 +13:00 · 2021-12-07 20:40:12 +13:00 · 2021-12-07 20:38:40 +13:00 · 2021-12-07 19:27:22 +13:00 · 2021-12-05 23:06:10 +13:00 · 2021-12-05 22:50:24 +13:00
106 changed files with 2374 additions and 11760 deletions
--- a/.ci/upload.sh
+++ b/.ci/upload.sh
@@ -6,27 +6,6 @@ is_kasmvnc() {
  echo "$package" | grep -q 'kasmvncserver_'
 }
 detect_deb_package_arch() {
  local deb_package="$1"
  echo "$deb_package" | sed -e 's/.\+_\([^.]\+\)\.\(d\?\)deb/\1/'
 }
 find_deb_package() {
  local dbgsym_package="$1"
  echo "$dbgsym_package" | sed -e 's/-dbgsym//; s/ddeb/deb/'
 }
 fetch_xvnc_md5sum() {
  local deb_package="$1"
  deb_package=$(realpath "$deb_package")
  local tmpdir=$(mktemp -d)
  cd "$tmpdir"
  dpkg-deb -e "$deb_package"
  cat DEBIAN/md5sums | grep bin/Xkasmvnc | cut -d' ' -f 1
 }
 function prepare_upload_filename() {
  local package="$1";
@@ -55,18 +34,19 @@ function prepare_upload_filename() {
 function upload_to_s3() {
  local package="$1";
  local upload_filename="$2";
  local s3_bucket="$3";
  # Transfer to S3
-  python3 amazon-s3-bitbucket-pipelines-python/s3_upload.py "${s3_bucket}" "$package" "${upload_filename}";
+  python3 amazon-s3-bitbucket-pipelines-python/s3_upload.py "${S3_BUCKET}" "$package" "${S3_BUILD_DIRECTORY}/${upload_filename}";
  # Use the Gitlab API to tell Gitlab where the artifact was stored
-  export S3_URL="https://${s3_bucket}.s3.amazonaws.com/${upload_filename}";
+  export S3_URL="https://${S3_BUCKET}.s3.amazonaws.com/${S3_BUILD_DIRECTORY}/${upload_filename}";
  export BUILD_STATUS="{\"key\":\"doc\", \"state\":\"SUCCESSFUL\", \"name\":\"${upload_filename}\", \"url\":\"${S3_URL}\"}";
  curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=success&name=build-url&target_url=${S3_URL}";
 };
 function prepare_to_run_scripts_and_s3_uploads() {
  export DEBIAN_FRONTEND=noninteractive;
  apt-get update;
-  apt-get install -y ruby2.7 git wget;
+  apt-get install -y ruby2.7 git;
  apt-get install -y python3 python3-pip python3-boto3 curl pkg-config libxmlsec1-dev;
  git clone https://bitbucket.org/awslabs/amazon-s3-bitbucket-pipelines-python.git;
 };
--- a/.gitignore
+++ b/.gitignore
@@ -21,4 +21,3 @@ debian/files
 debian/kasmvncserver.substvars
 debian/kasmvncserver/
 .pc
 .vscode/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,14 +3,9 @@ services:
  - docker:dind
 variables:
  KASMVNC_COMMIT_ID: $CI_COMMIT_SHA
  GITLAB_SHARED_DIND_DIR: /builds/$CI_PROJECT_PATH/shared
  GIT_SUBMODULE_STRATEGY: normal
  GIT_FETCH_EXTRA_FLAGS: --tags
  # E.g. BUILD_JOBS: build_debian_buster,build_ubuntu_bionic. This will include
  # arm builds, because build_debian_buster_arm matches build_debian_buster.
  # "BUILD_JOBS: none" won't build any build jobs, nor www.
  BUILD_JOBS: all
 stages:
  - www
@@ -42,9 +37,6 @@ build_www:
    - mkdir -p output/www
    - cd builder
    - tar -zcvf ../output/www/kasm_www.tar.gz www
  only:
    variables:
      - $BUILD_JOBS !~ /^none$/
  artifacts:
    paths:
      - output/
@@ -59,9 +51,6 @@ build_ubuntu_bionic:
    - *prepare_artfacts
  script:
    - bash builder/build-package ubuntu bionic
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
@@ -78,9 +67,6 @@ build_ubuntu_bionic_arm:
    - *prepare_artfacts
  script:
    - bash builder/build-package ubuntu bionic
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
@@ -95,9 +81,6 @@ build_ubuntu_bionic_libjpeg_turbo:
    - *prepare_artfacts
  script:
    - bash builder/build-package ubuntu bionic +libjpeg-turbo_latest
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
@@ -114,7 +97,7 @@ build_ubuntu_focal:
    - bash builder/build-package ubuntu focal;
  only:
    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+      - $CI_COMMIT_MESSAGE =~ /\[full [Cc][Ii]\]/
  artifacts:
    paths:
      - output/
@@ -133,43 +116,7 @@ build_ubuntu_focal_arm:
    - bash builder/build-package ubuntu focal;
  only:
    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+      - $CI_COMMIT_MESSAGE =~ /\[full [Cc][Ii]\]/
  artifacts:
    paths:
      - output/
 build_ubuntu_jammy:
  stage: build
  allow_failure: true
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package ubuntu jammy;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_ubuntu_jammy_arm:
  stage: build
  allow_failure: true
  tags:
    - arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package ubuntu jammy;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
@@ -186,7 +133,7 @@ build_debian_buster:
    - bash builder/build-package debian buster;
  only:
    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
+      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/
  artifacts:
    paths:
      - output/
@@ -205,7 +152,7 @@ build_debian_buster_arm:
    - bash builder/build-package debian buster;
  only:
    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
+      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/
  artifacts:
    paths:
      - output/
@@ -222,7 +169,7 @@ build_debian_bullseye:
    - bash builder/build-package debian bullseye;
  only:
    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
+      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/
  artifacts:
    paths:
      - output/
@@ -241,7 +188,7 @@ build_debian_bullseye_arm:
    - bash builder/build-package debian bullseye;
  only:
    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/ || $BUILD_JOBS =~ $CI_JOB_NAME
+      - $CI_COMMIT_MESSAGE =~ /\[full [cC][Ii]\]/
  artifacts:
    paths:
      - output/
@@ -256,28 +203,6 @@ build_kali_rolling:
    - *prepare_artfacts
  script:
    - bash builder/build-package kali kali-rolling;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_kali_rolling_arm:
  stage: build
  allow_failure: true
  tags:
    - arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package kali kali-rolling;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
@@ -292,81 +217,6 @@ build_centos7:
    - *prepare_artfacts
  script:
    - bash builder/build-package centos core
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_oracle_8:
  stage: build
  allow_failure: true
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package oracle 8;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_oracle_8_arm:
  stage: build
  allow_failure: true
  tags:
    - arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package oracle 8;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_opensuse_15:
  stage: build
  allow_failure: true
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package opensuse 15;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
 build_opensuse_15_arm:
  stage: build
  allow_failure: true
  tags:
    - arm
  before_script:
    - *prepare_build
    - *prepare_www
  after_script:
    - *prepare_artfacts
  script:
    - bash builder/build-package opensuse 15;
  only:
    variables:
      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
  artifacts:
    paths:
      - output/
@@ -377,25 +227,14 @@ upload:
  before_script:
    - . .ci/upload.sh
  script:
    - prepare_to_run_scripts_and_s3_uploads
    - S3_CRASHPAD_BUILD_DIRECTORY="kasmvnc/crashpad/${CI_COMMIT_SHA}"
    - for dbgsym_package in `find output/ -type f -name '*dbgsym*deb'`; do
        deb_package=$(find_deb_package "$dbgsym_package");
        xvnc_md5sum=$(fetch_xvnc_md5sum "$deb_package");
        upload_filename="${S3_CRASHPAD_BUILD_DIRECTORY}/${xvnc_md5sum}/kasmvncserver-dbgsym.deb";
        echo;
        echo "File to upload $upload_filename";
        upload_to_s3 "$dbgsym_package" "$upload_filename" "$S3_BUCKET";
        rm "$dbgsym_package";
      done
    - export S3_BUILD_DIRECTORY="kasmvnc/${CI_COMMIT_SHA}"
    - prepare_to_run_scripts_and_s3_uploads
    - export RELEASE_VERSION=$(.ci/next_release_version "$CI_COMMIT_REF_NAME")
    - for package in `find output/ -type f -name '*.deb' -or -name '*.rpm'`; do
        prepare_upload_filename "$package";
        upload_filename="${S3_BUILD_DIRECTORY}/$upload_filename";
        echo;
        echo "File to upload $upload_filename";
-        upload_to_s3 "$package" "$upload_filename" "$S3_BUCKET";
+        upload_to_s3 "$package" "$upload_filename";
-        UPLOAD_NAME=$(basename $upload_filename | sed 's#kasmvncserver_##' | sed -r 's#_([0-9]{1,3}\.){2}[0-9]{1,2}_\S+?([a-f0-9]{6})##' | sed -r 's#\.(deb|rpm)##');
+        UPLOAD_NAME=$(echo $upload_filename | sed 's#kasmvncserver_##' | sed -r 's#_([0-9]{1,3}\.){2}[0-9]{1,2}_\S+?([a-f0-9]{6})##' | sed -r 's#\.(deb|rpm)##');
        curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=success&name=${UPLOAD_NAME}&target_url=${S3_URL}";
      done
--- a/DEBUGGING.md
+++ b/DEBUGGING.md
@@ -1,108 +0,0 @@
 # Debugging
 In the case where KasmVNC crashes and a backtrace is produced. Developers need a way to make the backtrace useful for debugging. This document covers where the backtrace is logged and how to use a debug symbol package and gdb to gain more information from the backtrace, such as filename, function name, and line number.
 ## Test Symbolization
 If you want to induce a crash to test that you can symbolize a backtrace you can start KasmVNC and then issue the following command.
    killall -SEGV Xvnc
 This will cause KasmVNC to terminate with a backtrace similar to the following. You will find the backtrace in the log file at $HOME/.vnc/$HOSTNAME:$DISPLAY.log where HOME is your user's profile path, HOSTNAME is the hostname of the system, and DISPLAY is the assigned display number for the session.
    (EE) 
    (EE) Backtrace:
    (EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x4d) [0x5e48dd]
    (EE) 1: /usr/bin/Xvnc (0x400000+0x1e8259) [0x5e8259]
    (EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f5a57ef6000+0x12980) [0x7f5a57f08980]
    (EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (epoll_wait+0x57) [0x7f5a552eca47]
    (EE) 4: /usr/bin/Xvnc (ospoll_wait+0x37) [0x5e8d07]
    (EE) 5: /usr/bin/Xvnc (WaitForSomething+0x1c3) [0x5e2813]
    (EE) 6: /usr/bin/Xvnc (Dispatch+0xa7) [0x597007]
    (EE) 7: /usr/bin/Xvnc (dix_main+0x36e) [0x59b1fe]
    (EE) 8: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xe7) [0x7f5a551ecbf7]
    (EE) 9: /usr/bin/Xvnc (_start+0x2a) [0x46048a]
    (EE) 
    (EE) Received signal 11 sent by process 17182, uid 0
    (EE) 
    Fatal server error:
    (EE) Caught signal 11 (Segmentation fault). Server aborting
    (EE) 
 ## Debug Symbol Package
 In order to make use of this backtrace, you will need to symbolize the backtrace. Each build of KasmVNC produced by our pipelines comes with a corresponding debug symbol package that can be downloaded. You need two pieces of information to get the package, the git commit ID of KasmVNC and the MD5 sum of Xkasmvnc binary on your system. 
 The git commit ID can be found using Xvnc -version:
    ubuntu@matt-dev-vm-1:~$ Xvnc -version
    Xvnc KasmVNC 0.9.94002f39917dca0ad82ac0c29a75c723b538b32b - built Feb 17 2022 15:21:01
    Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
    See http://kasmweb.com for information on KasmVNC.
    Underlying X server release 12010000, The X.Org Foundation
 The MD5 sum can be obtained using the md5sum command:
    md5sum /usr/bin/Xkasmvnc
    57ee7028239c5a737c0aeee4a34138c3  /usr/bin/Xkasmvnc
 With these two pieces of information, you can get the debug symbol package at https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/[COMMITID]/[MD5SUM]/kasmvncserver-dbgsym.deb, in the above example it would be.
 [https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb](https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb "https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb")
 Use wget or curl to download the debug symbol package and then install it.
    wget  https://kasmweb-build-artifacts.s3.amazonaws.com/kasmvnc/crashpad/94002f39917dca0ad82ac0c29a75c723b538b32b/57ee7028239c5a737c0aeee4a34138c3/kasmvncserver-dbgsym.deb
    sudo dpkg -i kasmvncserver-dbgsym.deb
 ## Symbolize a Backtrace
 With the KasmVNC binary and debug symbol package installed on the system, you can use gdb or addr2line to get more information, such as the filename, function name, and line number that the backtrace line is referring to. 
 Here is a single line from a backtrace. The following example shows how to retrieve additional information that can help with debugging the crash.
 (EE) 8: /usr/bin/Xvnc (0x400000+0x13e674) [**0x53e674**]
    echo info line ***0x53eaaa** | gdb -q /usr/bin/Xkasmvnc
    (gdb) Line 223 of "/src/common/network/webudp/Wu.cpp" starts at address 0x53e674 <WuClientSendPendingDTLS(WuClient*, Wu const*, Wu const*)+68>
 The following script will search the provide file for a backtrace and symbolize the entire backtrace.
    #!/bin/bash
    FILENAME=$1
    grep "(EE)" $FILENAME | while read -r line ; do
            BACKTRACE=$(echo $line | grep -Po '\[[0-9a-f]x[a-f0-9]{1,}' | sed -r 's#\[##')
            echo $line
            if ! [ -z $BACKTRACE ] ; then
                    SYMBOLIZED=$(echo "info line *${BACKTRACE}" | gdb /usr/bin/Xkasmvnc | grep "(gdb)" | grep -vP "\(gdb\)\s*quit$")
                    echo "    ${SYMBOLIZED}"
            fi
    done
 Using this script on the above example backtrace produces the following output.
    ubuntu@hostname-1:~$ bash symbolize.sh ~/.vnc/hostname-1\:10.log
    (EE)
    (EE) Backtrace:
    (EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x4d) [0x5e48dd]
        (gdb) Line 130 of "backtrace.c" starts at address 0x5e48dd <xorg_backtrace+77> and ends at 0x5e4900 <xorg_backtrace+112>.
    (EE) 1: /usr/bin/Xvnc (0x400000+0x1e8259) [0x5e8259]
        (gdb) Line 138 of "osinit.c" starts at address 0x5e8259 <OsSigHandler+41> and ends at 0x5e8275 <OsSigHandler+69>.
    (EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f5a57ef6000+0x12980) [0x7f5a57f08980]
        (gdb) No line number information available for address 0x7f5a57f08980
    (EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (epoll_wait+0x57) [0x7f5a552eca47]
        (gdb) No line number information available for address 0x7f5a552eca47
    (EE) 4: /usr/bin/Xvnc (ospoll_wait+0x37) [0x5e8d07]
        (gdb) Line 643 of "ospoll.c" starts at address 0x5e8d07 <ospoll_wait+55> and ends at 0x5e8d09 <ospoll_wait+57>.
    (EE) 5: /usr/bin/Xvnc (WaitForSomething+0x1c3) [0x5e2813]
        (gdb) Line 210 of "WaitFor.c" starts at address 0x5e2813 <WaitForSomething+451> and ends at 0x5e2819 <WaitForSomething+457>.
    (EE) 6: /usr/bin/Xvnc (Dispatch+0xa7) [0x597007]
        (gdb) Line 421 of "dispatch.c" starts at address 0x596ffb <Dispatch+155> and ends at 0x59700b <Dispatch+171>.
    (EE) 7: /usr/bin/Xvnc (dix_main+0x36e) [0x59b1fe]
        (gdb) Line 278 of "main.c" starts at address 0x59b1fe <dix_main+878> and ends at 0x59b203 <dix_main+883>.
    (EE) 8: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xe7) [0x7f5a551ecbf7]
        (gdb) No line number information available for address 0x7f5a551ecbf7
    (EE) 9: /usr/bin/Xvnc (_start+0x2a) [0x46048a]
        (gdb) No line number information available for address 0x46048a <_start+42>
    (EE)
    (EE) Received signal 11 sent by process 17182, uid 0
    (EE)
    (EE) Caught signal 11 (Segmentation fault). Server aborting
    (EE)
--- a/15
+++ b/15
@@ -0,0 +1,15 @@
 [[source]]
 url = "https://pypi.python.org/simple"
 verify_ssl = true
 name = "pypi"
 [packages]
 mamba = "*"
 expects = "*"
 "path.py" = "*"
 pexpect = "*"
 [dev-packages]
 [requires]
 python_version = "3.8"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -0,0 +1,136 @@
 {
    "_meta": {
        "hash": {
            "sha256": "6745d5e5d90e44a18d73a0e23bc3d3e68acb950af0b87df50b45272d25b9e615"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.8"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.python.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "args": {
            "hashes": [
                "sha256:a785b8d837625e9b61c39108532d95b85274acd679693b71ebb5156848fcf814"
            ],
            "version": "==0.1.0"
        },
        "clint": {
            "hashes": [
                "sha256:05224c32b1075563d0b16d0015faaf9da43aa214e4a2140e51f08789e7a4c5aa"
            ],
            "version": "==0.5.1"
        },
        "coverage": {
            "hashes": [
                "sha256:004d1880bed2d97151facef49f08e255a20ceb6f9432df75f4eef018fdd5a78c",
                "sha256:01d84219b5cdbfc8122223b39a954820929497a1cb1422824bb86b07b74594b6",
                "sha256:040af6c32813fa3eae5305d53f18875bedd079960822ef8ec067a66dd8afcd45",
                "sha256:06191eb60f8d8a5bc046f3799f8a07a2d7aefb9504b0209aff0b47298333302a",
                "sha256:13034c4409db851670bc9acd836243aeee299949bd5673e11844befcb0149f03",
                "sha256:13c4ee887eca0f4c5a247b75398d4114c37882658300e153113dafb1d76de529",
                "sha256:184a47bbe0aa6400ed2d41d8e9ed868b8205046518c52464fde713ea06e3a74a",
                "sha256:18ba8bbede96a2c3dde7b868de9dcbd55670690af0988713f0603f037848418a",
                "sha256:1aa846f56c3d49205c952d8318e76ccc2ae23303351d9270ab220004c580cfe2",
                "sha256:217658ec7187497e3f3ebd901afdca1af062b42cfe3e0dafea4cced3983739f6",
                "sha256:24d4a7de75446be83244eabbff746d66b9240ae020ced65d060815fac3423759",
                "sha256:2910f4d36a6a9b4214bb7038d537f015346f413a975d57ca6b43bf23d6563b53",
                "sha256:2949cad1c5208b8298d5686d5a85b66aae46d73eec2c3e08c817dd3513e5848a",
                "sha256:2a3859cb82dcbda1cfd3e6f71c27081d18aa251d20a17d87d26d4cd216fb0af4",
                "sha256:2cafbbb3af0733db200c9b5f798d18953b1a304d3f86a938367de1567f4b5bff",
                "sha256:2e0d881ad471768bf6e6c2bf905d183543f10098e3b3640fc029509530091502",
                "sha256:30c77c1dc9f253283e34c27935fded5015f7d1abe83bc7821680ac444eaf7793",
                "sha256:3487286bc29a5aa4b93a072e9592f22254291ce96a9fbc5251f566b6b7343cdb",
                "sha256:372da284cfd642d8e08ef606917846fa2ee350f64994bebfbd3afb0040436905",
                "sha256:41179b8a845742d1eb60449bdb2992196e211341818565abded11cfa90efb821",
                "sha256:44d654437b8ddd9eee7d1eaee28b7219bec228520ff809af170488fd2fed3e2b",
                "sha256:4a7697d8cb0f27399b0e393c0b90f0f1e40c82023ea4d45d22bce7032a5d7b81",
                "sha256:51cb9476a3987c8967ebab3f0fe144819781fca264f57f89760037a2ea191cb0",
                "sha256:52596d3d0e8bdf3af43db3e9ba8dcdaac724ba7b5ca3f6358529d56f7a166f8b",
                "sha256:53194af30d5bad77fcba80e23a1441c71abfb3e01192034f8246e0d8f99528f3",
                "sha256:5fec2d43a2cc6965edc0bb9e83e1e4b557f76f843a77a2496cbe719583ce8184",
                "sha256:6c90e11318f0d3c436a42409f2749ee1a115cd8b067d7f14c148f1ce5574d701",
                "sha256:74d881fc777ebb11c63736622b60cb9e4aee5cace591ce274fb69e582a12a61a",
                "sha256:7501140f755b725495941b43347ba8a2777407fc7f250d4f5a7d2a1050ba8e82",
                "sha256:796c9c3c79747146ebd278dbe1e5c5c05dd6b10cc3bcb8389dfdf844f3ead638",
                "sha256:869a64f53488f40fa5b5b9dcb9e9b2962a66a87dab37790f3fcfb5144b996ef5",
                "sha256:8963a499849a1fc54b35b1c9f162f4108017b2e6db2c46c1bed93a72262ed083",
                "sha256:8d0a0725ad7c1a0bcd8d1b437e191107d457e2ec1084b9f190630a4fb1af78e6",
                "sha256:900fbf7759501bc7807fd6638c947d7a831fc9fdf742dc10f02956ff7220fa90",
                "sha256:92b017ce34b68a7d67bd6d117e6d443a9bf63a2ecf8567bb3d8c6c7bc5014465",
                "sha256:970284a88b99673ccb2e4e334cfb38a10aab7cd44f7457564d11898a74b62d0a",
                "sha256:972c85d205b51e30e59525694670de6a8a89691186012535f9d7dbaa230e42c3",
                "sha256:9a1ef3b66e38ef8618ce5fdc7bea3d9f45f3624e2a66295eea5e57966c85909e",
                "sha256:af0e781009aaf59e25c5a678122391cb0f345ac0ec272c7961dc5455e1c40066",
                "sha256:b6d534e4b2ab35c9f93f46229363e17f63c53ad01330df9f2d6bd1187e5eaacf",
                "sha256:b7895207b4c843c76a25ab8c1e866261bcfe27bfaa20c192de5190121770672b",
                "sha256:c0891a6a97b09c1f3e073a890514d5012eb256845c451bd48f7968ef939bf4ae",
                "sha256:c2723d347ab06e7ddad1a58b2a821218239249a9e4365eaff6649d31180c1669",
                "sha256:d1f8bf7b90ba55699b3a5e44930e93ff0189aa27186e96071fac7dd0d06a1873",
                "sha256:d1f9ce122f83b2305592c11d64f181b87153fc2c2bbd3bb4a3dde8303cfb1a6b",
                "sha256:d314ed732c25d29775e84a960c3c60808b682c08d86602ec2c3008e1202e3bb6",
                "sha256:d636598c8305e1f90b439dbf4f66437de4a5e3c31fdf47ad29542478c8508bbb",
                "sha256:deee1077aae10d8fa88cb02c845cfba9b62c55e1183f52f6ae6a2df6a2187160",
                "sha256:ebe78fe9a0e874362175b02371bdfbee64d8edc42a044253ddf4ee7d3c15212c",
                "sha256:f030f8873312a16414c0d8e1a1ddff2d3235655a2174e3648b4fa66b3f2f1079",
                "sha256:f0b278ce10936db1a37e6954e15a3730bea96a0997c26d7fee88e6c396c2086d",
                "sha256:f11642dddbb0253cc8853254301b51390ba0081750a8ac03f20ea8103f0c56b6"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
            "version": "==5.5"
        },
        "expects": {
            "hashes": [
                "sha256:419902ccafe81b7e9559eeb6b7a07ef9d5c5604eddb93000f0642b3b2d594f4c"
            ],
            "index": "pypi",
            "version": "==0.9.0"
        },
        "mamba": {
            "hashes": [
                "sha256:75cfc6dfd287dcccaf86dd753cf48e0a7337487c7c3fafda05a6a67ded6da496"
            ],
            "index": "pypi",
            "version": "==0.11.2"
        },
        "path": {
            "hashes": [
                "sha256:2de925e8d421f93bcea80d511b81accfb6a7e6b249afa4a5559557b0cf817097",
                "sha256:340054c5bb459fc9fd40e7eb6768c5989f3e599d18224238465b5333bc8faa7d"
            ],
            "markers": "python_version >= '3.6'",
            "version": "==16.2.0"
        },
        "path.py": {
            "hashes": [
                "sha256:8d885e8b2497aed005703d94e0fd97943401f035e42a136810308bff034529a8",
                "sha256:a43e82eb2c344c3fd0b9d6352f6b856f40b8b7d3d65cc05978b42c3715668496"
            ],
            "index": "pypi",
            "version": "==12.5.0"
        },
        "pexpect": {
            "hashes": [
                "sha256:0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937",
                "sha256:fc65a43959d153d0114afe13997d439c22823a27cefceb5ff35c2178c6784c0c"
            ],
            "index": "pypi",
            "version": "==4.8.0"
        },
        "ptyprocess": {
            "hashes": [
                "sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35",
                "sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220"
            ],
            "version": "==0.7.0"
        }
    },
    "develop": {}
 }
--- a/README.md
+++ b/README.md
@@ -42,31 +42,30 @@ Future Goals:
 #### Debian-based
 ```sh
-# Please choose the package for your distro here (under Assets):
+wget https://github.com/kasmtech/KasmVNC/releases/download/v0.9.2-beta/kasmvncserver_ubuntu_bionic_0.9.2_amd64.deb
 # https://github.com/kasmtech/KasmVNC/releases
 wget <package_url>
-sudo apt-get install ./kasmvncserver_*.deb
+sudo apt-get install ./kasmvncserver_0.9.1~beta-1_amd64.deb
 # We provide an example script to run KasmVNC at #
 # /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start. It runs a VNC
 # server on display :10 and on interface 0.0.0.0. If you're happy with those
 # defaults you can just use it as is:
 sudo ln -s /usr/share/doc/kasmvncserver/examples/kasmvncserver-easy-start /usr/bin/
 # Add your user to the ssl-cert group
 sudo addgroup $USER ssl-cert
 # You will need to re-connect in order to pick up the group change
-# Create ~/.vnc directory and corresponding files.
+# Run KasmVNC on display :10 and on interface 0.0.0.0:
-kasmvncserver-easy-start -d && kasmvncserver-easy-start -kill
+KASMVNC_OPTIONS=':10 -depth 24 -geometry 1280x1050
  -cert /etc/ssl/certs/ssl-cert-snakeoil.pem
  -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24
  -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www'
 vncserver $KASMVNC_OPTIONS
-# Modify vncstartup to launch your environment of choice, in this example LXDE
+# On the first run, vncserver will ask you to create a KasmVNC user and choose a desktop
-# This may be optional depending on your system configuration
+# environment you want to run. It can detect Cinnamon, Mate, LXDE, KDE, Gnome,
-echo '/usr/bin/lxsession -s LXDE &' >> ~/.vnc/xstartup
+# XFCE. You can also choose to manually edit xstartup.
 # After you chose a desktop environment or to manually edit xstartup,
 # vncserver won't ask you again, unless you run it as:
 vncserver $KASMVNC_OPTIONS -select-de
-# Start KasmVNC with debug logging:
+# You can select a specific Desktop Environment like this:
-kasmvncserver-easy-start -d
+vncserver $KASMVNC_OPTIONS -select-de mate
 # Tail the logs
 tail -f ~/.vnc/`hostname`:10.log
@@ -74,10 +73,10 @@ tail -f ~/.vnc/`hostname`:10.log
 Now navigate to your system at https://[ip-address]:8443/
-To stop a running KasmVNC:
+To stop the KasmVNC you started earlier on display 10:
 ```sh
-kasmvncserver-easy-start -kill
+vncserver -kill :10
 ```
 The options for vncserver:
--- a/builder/build-deb-inside-docker
+++ b/builder/build-deb-inside-docker
@@ -29,6 +29,5 @@ fi
 dpkg-buildpackage -us -uc -b
 mkdir -p "$os_dir"
 cp ../*dbgsym*deb "$os_dir"
 cp ../*.deb "$os_dir"
 lintian ../*.deb || true
--- a/builder/build-rpm-inside-docker
+++ b/builder/build-rpm-inside-docker
@@ -8,7 +8,7 @@ prepare_build_env() {
 }
 copy_spec_and_tar_with_binaries() {
-  cp /tmp/kasmvncserver.spec ~/rpmbuild/SPECS/
+  cp /src/centos/kasmvncserver.spec ~/rpmbuild/SPECS/
  cp /src/builder/build/kasmvnc.${os}_${os_codename}.tar.gz \
    ~/rpmbuild/SOURCES/
 }
@@ -20,13 +20,8 @@ copy_rpm_to_build_dir() {
 cd "$(dirname "$0")/.."
-if [ -z ${KASMVNC_BUILD_OS_CODENAME+x} ]; then
+os=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
-  os=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
+os_codename=$(lsb_release -cs | tr '[:upper:]' '[:lower:]')
  os_codename=$(lsb_release -cs | tr '[:upper:]' '[:lower:]')
 else
  os=${KASMVNC_BUILD_OS}
  os_codename=${KASMVNC_BUILD_OS_CODENAME}
 fi
 os_dir="build/${os}_${os_codename}"
 prepare_build_env
--- a/builder/build-tarball
+++ b/builder/build-tarball
@@ -31,7 +31,6 @@ docker build -t "$builder_image" \
  -f builder/dockerfile.${os}_${os_codename}${build_tag}.build .
 mkdir -p builder/build
 docker run -v $shared_with_docker_dir:/build -e BUILD_TAG="$build_tag" \
  -e KASMVNC_COMMIT_ID="$KASMVNC_COMMIT_ID" \
  --rm "$builder_image"
 L_GID=$(id -g)
--- a/builder/build.sh
+++ b/builder/build.sh
@@ -7,12 +7,6 @@ detect_quilt() {
  fi
 }
 ensure_crashpad_can_fetch_line_number_by_address() {
  if [ ! -f /etc/centos-release ]; then
    export LDFLAGS="$LDFLAGS -no-pie"
  fi
 }
 # For build-dep to work, the apt sources need to have the source server
 #sudo apt-get build-dep xorg-server
@@ -23,7 +17,7 @@ cd /tmp
 # default to the version of x in Ubuntu 18.04, otherwise caller will need to specify
 XORG_VER=${XORG_VER:-"1.19.6"}
 XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
-wget https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.bz2
+wget --no-check-certificate https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.bz2
 #git clone https://kasmweb@bitbucket.org/kasmtech/kasmvnc.git
 #cd kasmvnc
@@ -44,7 +38,7 @@ tar -C unix/xserver -xf /tmp/xorg-server-${XORG_VER}.tar.bz2 --strip-components=
 cd unix/xserver
 patch -Np1 -i ../xserver${XORG_PATCH}.patch
 case "$XORG_VER" in
-  1.20.*)
+  1.20.*) 
      if [ -f ../xserver120.7.patch ]; then
        patch -Np1 -i ../xserver120.7.patch
      fi ;;
@@ -55,17 +49,12 @@ autoreconf -i
 # The distro paths start after prefix and end with the font path,
 # everything after that is based on BUILDING.txt to remove unneeded
 # components.
 ensure_crashpad_can_fetch_line_number_by_address
 # remove gl check for opensuse
 if [ "${KASMVNC_BUILD_OS}" == "opensuse" ]; then
  sed -i 's/LIBGL="gl >= 7.1.0"/LIBGL="gl >= 1.1"/g' configure
 fi
 ./configure --prefix=/opt/kasmweb \
 	--with-xkb-path=/usr/share/X11/xkb \
 	--with-xkb-output=/var/lib/xkb \
 	--with-xkb-bin-directory=/usr/bin \
 	--with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins" \
-	--without-dtrace --disable-dri \
+	--with-pic --without-dtrace --disable-dri \
        --disable-static \
 	--disable-xinerama --disable-xvfb --disable-xnest --disable-xorg \
 	--disable-dmx --disable-xwin --disable-xephyr --disable-kdrive \
@@ -96,9 +85,7 @@ cd /src
 detect_quilt
 if [ -n "$QUILT_PRESENT" ]; then
  quilt push -a
  echo 'Patches applied!'
 fi
 make servertarball
 cp kasmvnc*.tar.gz /build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz
--- a/builder/build_www.sh
+++ b/builder/build_www.sh
@@ -15,3 +15,4 @@ cd /build
 rm *.md
 rm AUTHORS
 rm vnc.html
 rm vnc_lite.html
--- a/builder/bump-package-version
+++ b/builder/bump-package-version
@@ -7,12 +7,24 @@ update_version_to_meet_packaging_standards() {
    sed -e 's/\([0-9]\)-\([a-zA-Z]\)/\1~\2/')
 }
 add_debian_revision_to_new_version() {
  echo "$new_version-1"
 }
 bump_rpm() {
-  builder/bump-package-version-rpm "$new_version"
+  sed -i "s/^Version:.\+/Version:        $new_version/" centos/kasmvncserver.spec
 }
 bump_deb() {
-  builder/bump-package-version-deb "$new_version"
+  local image="debbump_package_version:dev"
  local L_UID=$(id -u)
  local L_GID=$(id -g)
  local debian_version=$(add_debian_revision_to_new_version)
  docker build -t "$image" -f builder/dockerfile.bump-package-version .
  docker run --rm -v "$PWD":/src --user "$L_UID:$L_GID" \
    "$image" /bin/bash -c \
    "cd /src && builder/bump-package-version-inside-docker-deb $debian_version"
 }
 new_version="$1"
--- a/builder/bump-package-version-deb
+++ b/builder/bump-package-version-deb
@@ -1,23 +0,0 @@
 #!/bin/bash
 set -eo pipefail
 new_version="$1"
 add_debian_revision_to_new_version() {
  echo "$new_version-1"
 }
 bump_deb() {
  local image="debbump_package_version:dev"
  local L_UID=$(id -u)
  local L_GID=$(id -g)
  local debian_version=$(add_debian_revision_to_new_version)
  docker build -t "$image" -f builder/dockerfile.bump-package-version .
  docker run --rm -v "$PWD":/src --user "$L_UID:$L_GID" \
    "$image" /bin/bash -c \
    "cd /src && builder/bump-package-version-inside-docker-deb $debian_version"
 }
 bump_deb
--- a/builder/bump-package-version-rpm
+++ b/builder/bump-package-version-rpm
@@ -1,32 +0,0 @@
 #!/bin/bash
 set -eo pipefail
 new_version="$1"
 specs="centos/kasmvncserver.spec
 oracle/kasmvncserver.spec
 opensuse/kasmvncserver.spec"
 bump_version() {
  sed -i "s/^Version:.\+/Version:        $new_version/" "$1"
 }
 detect_release_version() {
  release_version=$(sed -ne 's/^Release:\s\+//p' "$1" | sed -e 's/%.\+$//')
 }
 bump_changelog() {
  detect_release_version "$1"
  local date=$(date +'%a %b %d %Y')
  local changelog_version="$new_version-$release_version"
  local new_changelog_entry="* $date KasmTech <info@kasmweb.com> - $changelog_version\n- Upstream release"
  sed -i -e "s/%changelog/%changelog\n$new_changelog_entry/" "$1"
 }
 IFS=$'\n'
 for spec_file in $specs; do
  bump_version $spec_file
  bump_changelog $spec_file
 done
--- a/builder/dockerfile.centos_core.build
+++ b/builder/dockerfile.centos_core.build
@@ -3,7 +3,7 @@ FROM centos:centos7
 ENV KASMVNC_BUILD_OS centos
 ENV KASMVNC_BUILD_OS_CODENAME core
-RUN yum install -y ca-certificates
+RUN yum update -y ca-certificates
 RUN yum install -y build-dep xorg-server libxfont-dev sudo
 RUN yum install -y gcc cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
 RUN yum install -y libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev openssl-devel
@@ -11,10 +11,8 @@ RUN yum install -y make
 RUN yum group install -y "Development Tools"
 RUN yum install -y xorg-x11-server-devel zlib-devel libjpeg-turbo-devel
 RUN yum install -y libxkbfile-devel libXfont2-devel xorg-x11-font-utils \
-  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel libXrandr-devel pam-devel \
+  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel
  gnutls-devel libX11-devel libXtst-devel libXcursor-devel
 RUN yum install -y mesa-dri-drivers
 RUN yum install -y ca-certificates
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
--- a/builder/dockerfile.centos_core.rpm.test
+++ b/builder/dockerfile.centos_core.rpm.test
@@ -37,6 +37,7 @@ RUN yum install -y epel-release && yum groupinstall xfce -y
 RUN yum erase -y pm-utils xscreensaver*
 RUN yum install -y redhat-lsb-core
 RUN yum install -y vim less
 RUN yum localinstall -y --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
--- a/builder/dockerfile.debian_bullseye.build
+++ b/builder/dockerfile.debian_bullseye.build
@@ -13,7 +13,7 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
--- a/builder/dockerfile.debian_buster.build
+++ b/builder/dockerfile.debian_buster.build
@@ -13,7 +13,7 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
--- a/builder/dockerfile.debian_buster.deb.test
+++ b/builder/dockerfile.debian_buster.deb.test
@@ -34,6 +34,14 @@ RUN apt-get purge -y pm-utils xscreensaver*
 RUN apt-get update && apt-get install -y vim less
 RUN apt-get update && apt-get -y install lsb-release
 RUN apt-get update && apt-get install -y task-cinnamon-desktop
 RUN apt-get update && apt-get install -y task-gnome-desktop
 RUN mkdir -p /usr/share/man/man1
 RUN apt-get update && apt-get install -y apt-utils openjdk-11-jre
 RUN apt-get update && apt-get install -y task-lxde-desktop
 RUN apt-get update && apt-get install -y task-mate-desktop
 RUN apt-get update && apt-get install -y task-kde-desktop
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
 RUN mkdir -p $STARTUPDIR
--- a/builder/dockerfile.fedora_thirtythree.build
+++ b/builder/dockerfile.fedora_thirtythree.build
@@ -18,8 +18,7 @@ RUN dnf install -y make
 RUN dnf group install -y "Development Tools"
 RUN dnf install -y xorg-x11-server-devel zlib-devel libjpeg-turbo-devel
 RUN dnf install -y libxkbfile-devel libXfont2-devel xorg-x11-font-utils \
-  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel libXrandr-devel libXtst-devel \
+  xorg-x11-xtrans-devel xorg-x11-xkb-utils-devel
  libXcursor-devel
 RUN dnf install -y mesa-dri-drivers
 RUN dnf install -y bzip2 redhat-lsb-core
--- a/builder/dockerfile.kali_kali-rolling.build
+++ b/builder/dockerfile.kali_kali-rolling.build
@@ -13,7 +13,7 @@ RUN apt-get update && \
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
--- a/builder/dockerfile.opensuse_15.barebones.rpm.test
+++ b/builder/dockerfile.opensuse_15.barebones.rpm.test
@@ -1,39 +0,0 @@
 FROM opensuse/leap:15.3
 # base tools
 RUN zypper -n install -y \
  less \
  vim \
  xterm
 # deps and rpm install
 RUN zypper -n install -y \
  libglvnd \
  libgnutls30 \
  libgomp1 \
  libjpeg8 \
  libnettle6 \
  libpixman-1-0 \
  libXdmcp6 \
  libXfont2-2 \
  libxkbcommon-x11-0 \
  openssl \
  perl \
  x11-tools \
  xauth \
  xkbcomp \
  xkeyboard-config && \
  mkdir -p /etc/pki/tls/private
 ARG KASMVNC_PACKAGE_DIR
 COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp
 RUN zypper install -y --allow-unsigned-rpm /tmp/*.rpm
 RUN useradd -m foo
 USER foo:kasmvnc-cert
 RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \
  chmod +x ~/.vnc/xstartup
 ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 6901 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "
--- a/builder/dockerfile.opensuse_15.build
+++ b/builder/dockerfile.opensuse_15.build
@@ -1,59 +0,0 @@
 FROM opensuse/leap:15.3
 ENV KASMVNC_BUILD_OS opensuse
 ENV KASMVNC_BUILD_OS_CODENAME 15
 ENV XORG_VER 1.20.3
 # Install depends
 RUN zypper install -ny \
  bdftopcf \
  bigreqsproto-devel \
  cmake \
  ffmpeg-4-libavcodec-devel \
  fonttosfnt \
  font-util \
  gcc \
  gcc-c++ \
  giflib-devel \
  git \
  gzip \
  lbzip2 \
  libbz2-devel \
  libGLw-devel \
  libgnutls-devel \
  libjpeg8-devel \
  libopenssl-devel \
  libpng16-devel \
  libtiff-devel \
  libXfont2-devel \
  libxkbcommon-x11-devel \
  make \
  Mesa-dri \
  Mesa-libglapi-devel \
  mkfontdir \
  mkfontscale \
  patch \
  tigervnc \
  wget \
  xcmiscproto-devel \
  xorg-x11-devel \
  xorg-x11-server-sdk \
  xorg-x11-util-devel \
  zlib-devel
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
 RUN cd /tmp && tar -xzf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
    ./configure --enable-static --disable-shared && \
    make && make install
 RUN useradd -u 1000 docker && \
  groupadd -g 1000 docker && \
  usermod -a -G docker docker
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.opensuse_15.rpm.build
+++ b/builder/dockerfile.opensuse_15.rpm.build
@@ -1,24 +0,0 @@
 FROM opensuse/leap:15.3
 ENV KASMVNC_BUILD_OS opensuse
 ENV KASMVNC_BUILD_OS_CODENAME 15
 RUN zypper -n install -y \
  gpg* \
  less \
  lsb-release \
  rng-tools \
  rpm-build \
  rpmdevtools \
  rpmlint \
  tree \
  vim
 COPY opensuse/*.spec /tmp
 RUN zypper -n install $(grep BuildRequires /tmp/*.spec | cut -d' ' -f2 | xargs)
 RUN useradd -u 1000 -m -d /home/docker docker && \
  groupadd -g 1000 docker && \
  usermod -a -G docker docker
 USER docker
--- a/builder/dockerfile.oracle_8.barebones.rpm.test
+++ b/builder/dockerfile.oracle_8.barebones.rpm.test
@@ -1,20 +0,0 @@
 FROM oraclelinux:8
 RUN dnf install -y \
  less \
  redhat-lsb-core \
  vim \
  xterm
 ARG KASMVNC_PACKAGE_DIR
 COPY $KASMVNC_PACKAGE_DIR/*.rpm /tmp
 RUN dnf localinstall -y /tmp/*.rpm
 RUN useradd -m foo
 USER foo:kasmvnc-cert
 RUN mkdir ~/.vnc && echo '/usr/bin/xterm &' >> ~/.vnc/xstartup && \
  chmod +x ~/.vnc/xstartup
 ENTRYPOINT bash -c "echo -e \"$VNC_PW\n$VNC_PW\n\" | kasmvncpasswd -w -u \"$VNC_USER\" && vncserver :1 -interface 0.0.0.0 && vncserver -kill :1 && vncserver :1 -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /etc/pki/tls/private/kasmvnc.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www && tail -f $HOME/.vnc/*.log "
--- a/builder/dockerfile.oracle_8.build
+++ b/builder/dockerfile.oracle_8.build
@@ -1,61 +0,0 @@
 FROM oraclelinux:8
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 8
 ENV XORG_VER 1.20.10
 # Install from stock repos
 RUN dnf install -y \
  bzip2-devel \
  ca-certificates \
  cmake \
  dnf-plugins-core \
  gcc \
  gcc-c++ \
  git \
  gnutls-devel \
  libjpeg-turbo-devel \
  libpng-devel \
  libtiff-devel \
  make \
  mesa-dri-drivers \
  openssl-devel \
  openssl-devel \
  patch \
  tigervnc-server \
  wget \
  xorg-x11-font-utils \
  zlib-devel
 # Enable additional repos (epel, powertools, and fusion)
 RUN dnf config-manager --set-enabled ol8_codeready_builder
 RUN dnf install -y oracle-epel-release-el8
 RUN dnf install -y --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
 # Install from new repos
 RUN dnf install -y \
  ffmpeg-devel \
  giflib-devel \
  lbzip2 \
  libXfont2-devel \
  libxkbfile-devel \
  xorg-x11-server-devel \
  xorg-x11-xkb-utils-devel \
  xorg-x11-xtrans-devel \
  libXrandr-devel \
  libXtst-devel \
  libXcursor-devel
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
 RUN cd /tmp && tar -xzf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
    ./configure --enable-static --disable-shared && \
    make && make install
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.oracle_8.rpm.build
+++ b/builder/dockerfile.oracle_8.rpm.build
@@ -1,21 +0,0 @@
 FROM oraclelinux:8
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 8
 RUN dnf install -y \
  gpg* \
  less \
  redhat-lsb-core \
  rng-tools \
  rpm* \
  rpmlint \
  tree \
  vim
 COPY oracle/*.spec /tmp
 RUN dnf builddep -y /tmp/*.spec
 RUN useradd -m docker && echo "docker:docker" | chpasswd
 USER docker
--- a/builder/dockerfile.ubuntu_bionic+libjpeg-turbo_latest.build
+++ b/builder/dockerfile.ubuntu_bionic+libjpeg-turbo_latest.build
@@ -11,7 +11,7 @@ RUN apt-get update && \
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 RUN apt-get update && apt-get install -y cmake nasm gcc
 RUN git clone https://github.com/libjpeg-turbo/libjpeg-turbo.git
--- a/builder/dockerfile.ubuntu_bionic.build
+++ b/builder/dockerfile.ubuntu_bionic.build
@@ -11,7 +11,7 @@ RUN apt-get update && \
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
--- a/builder/dockerfile.ubuntu_focal.build
+++ b/builder/dockerfile.ubuntu_focal.build
@@ -13,7 +13,7 @@ RUN apt-get update && \
 RUN apt-get update && apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
-RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
+RUN apt-get update && apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
--- a/builder/dockerfile.ubuntu_focal.vncserver.test
+++ b/builder/dockerfile.ubuntu_focal.vncserver.test
@@ -0,0 +1,54 @@
 FROM ubuntu:focal
 ENV DEBIAN_FRONTEND=noninteractive
 ENV VNC_PORT 8443
 ENV VNC_PORT2 8444
 ENV VNC_PORT3 8445
 EXPOSE $VNC_PORT
 EXPOSE $VNC_PORT2
 EXPOSE $VNC_PORT3
 RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
 RUN apt-get update && apt-get install -y vim less
 RUN apt-get update && apt-get -y install lsb-release
 RUN apt-get update && apt-get -y install net-tools
 # RUN mkdir -p /usr/share/man/man1
 # RUN apt-get update && apt-get install -y apt-utils openjdk-11-jre
 RUN apt-get update && apt-get install -y ubuntu-mate-desktop
 RUN apt-get update && apt-get install -y lxde
 RUN apt-get update && apt-get install -y lxqt
 RUN apt-get update && apt-get install -y kde-full
 RUN apt-get update && apt-get install -y cinnamon
 RUN apt-get update && apt-get install -y ubuntu-gnome-desktop
 RUN apt-get purge -y pm-utils xscreensaver*
 RUN apt-get purge -y clipit magnus kgpg
 RUN apt-get update && apt-get install -y python3-pip
 RUN apt-get update && apt-get install -y strace
 RUN useradd -m docker
 ENV USER docker
 ARG KASMVNC_PACKAGE_DIR
 COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp
 RUN dpkg -i /tmp/*.deb; apt-get -yf install
 ENV HOME /home/docker
 RUN chown -R 1000:0 $HOME
 USER 1000:ssl-cert
 WORKDIR $HOME
 RUN pip3 install --user pipenv
 RUN echo 'PATH="/src/unix:~/.local/bin/:$PATH"' >> ~/.bashrc
 RUN echo 'alias s="sh /src/s"' >> ~/.bashrc
 RUN echo 'alias k="vncserver -kill :1; pkill baloo_file; pkill gpg-agent; pkill ssh-agent; pkill xiccd"' >> ~/.bashrc
 RUN echo 'alias r="k; s"' >> ~/.bashrc
 RUN echo 'alias go="sh /src/s; vncserver -kill :1"' >> ~/.bashrc
 RUN echo 'alias ns="netstat -nltp"' >> ~/.bashrc
 RUN echo 'alias mamba="pipenv run mamba spec/"' >> ~/.bashrc
 ENV LC_ALL=C.UTF-8
 ENV LANG=C.UTF-8
 ENTRYPOINT ["bash", "-ic", "cd /src && pipenv install; exec bash"]
--- a/builder/dockerfile.ubuntu_jammy.build
+++ b/builder/dockerfile.ubuntu_jammy.build
@@ -1,30 +0,0 @@
 FROM ubuntu:jammy
 ENV KASMVNC_BUILD_OS ubuntu
 ENV KASMVNC_BUILD_OS_CODENAME jammy
 ENV XORG_VER 1.20.8
 ENV DEBIAN_FRONTEND noninteractive
 RUN sed -i 's$# deb-src$deb-src$' /etc/apt/sources.list
 RUN apt-get update && \
      apt-get -y install sudo
 RUN apt-get update && apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
 RUN apt-get update && apt-get -y install cmake git libjpeg-dev libgnutls28-dev vim wget tightvncserver
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
 # Additions for webp
 RUN cd /tmp && wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz
 RUN cd /tmp && tar -xzf /tmp/libwebp-*
 RUN cd /tmp/libwebp-1.0.2 && \
    ./configure --enable-static --disable-shared && \
    make && make install
 RUN useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
 COPY --chown=docker:docker . /src/
 USER docker
 ENTRYPOINT ["/src/builder/build.sh"]
--- a/builder/dockerfile.ubuntu_jammy.deb.build
+++ b/builder/dockerfile.ubuntu_jammy.deb.build
@@ -1,19 +0,0 @@
 FROM ubuntu:jammy
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && \
      apt-get -y install vim build-essential devscripts equivs
 # Install build-deps for the package.
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control
 ARG L_UID
 RUN if [ "$L_UID" -eq 0 ]; then \
      useradd -m docker; \
    else \
      useradd -m docker -u $L_UID;\
    fi
 USER docker
--- a/builder/dockerfile.ubuntu_jammy.deb.test
+++ b/builder/dockerfile.ubuntu_jammy.deb.test
@@ -1,57 +0,0 @@
 FROM ubuntu:jammy
 ENV DISPLAY=:1 \
    VNC_PORT=8443 \
    VNC_RESOLUTION=1280x720 \
    MAX_FRAME_RATE=24 \
    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
    HOME=/home/user \
    TERM=xterm \
    STARTUPDIR=/dockerstartup \
    INST_SCRIPTS=/dockerstartup/install \
    KASM_RX_HOME=/dockerstartup/kasmrx \
    DEBIAN_FRONTEND=noninteractive \
    VNC_COL_DEPTH=24 \
    VNC_RESOLUTION=1280x1024 \
    VNC_PW=vncpassword \
    VNC_USER=user \
    VNC_VIEW_ONLY_PW=vncviewonlypassword \
    LD_LIBRARY_PATH=/usr/local/lib/ \
    OMP_WAIT_POLICY=PASSIVE \
    SHELL=/bin/bash \
    SINGLE_APPLICATION=0 \
    KASMVNC_BUILD_OS=ubuntu \
    KASMVNC_BUILD_OS_CODENAME=bionic
 EXPOSE $VNC_PORT
 WORKDIR $HOME
 ### REQUIRED STUFF ###
 RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext wget
 RUN apt-get purge -y pm-utils xscreensaver*
 RUN apt-get update && apt-get install -y vim less
 RUN apt-get update && apt-get -y install lsb-release
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
 RUN mkdir -p $STARTUPDIR
 COPY startup/ $STARTUPDIR
 ### START CUSTOM STUFF ####
 ARG KASMVNC_PACKAGE_DIR
 COPY $KASMVNC_PACKAGE_DIR/kasmvncserver_*.deb /tmp/
 RUN rm -f /tmp/kasmvncserver_*+*.deb; dpkg -i /tmp/*.deb; apt-get -yf install
 RUN mkdir ~/.vnc && echo '/usr/bin/xfce4-session &' >> ~/.vnc/xstartup && \
  chmod +x ~/.vnc/xstartup
 ### END CUSTOM STUFF ###
 RUN chown -R 1000:0 $HOME
 USER 1000:ssl-cert
 WORKDIR $HOME
 ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]
--- a/builder/dockerfile.ubuntu_jammy.test
+++ b/builder/dockerfile.ubuntu_jammy.test
@@ -1,51 +0,0 @@
 FROM ubuntu:jammy
 ENV DISPLAY=:1 \
    VNC_PORT=8443 \
    VNC_RESOLUTION=1280x720 \
    MAX_FRAME_RATE=24 \
    VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7" \
    HOME=/home/user \
    TERM=xterm \
    STARTUPDIR=/dockerstartup \
    INST_SCRIPTS=/dockerstartup/install \
    KASM_RX_HOME=/dockerstartup/kasmrx \
    DEBIAN_FRONTEND=noninteractive \
    VNC_COL_DEPTH=24 \
    VNC_RESOLUTION=1280x1024 \
    VNC_PW=vncpassword \
    VNC_USER=user \
    VNC_VIEW_ONLY_PW=vncviewonlypassword \
    LD_LIBRARY_PATH=/usr/local/lib/ \
    OMP_WAIT_POLICY=PASSIVE \
    SHELL=/bin/bash \
    SINGLE_APPLICATION=0 \
    KASMVNC_BUILD_OS=ubuntu \
    KASMVNC_BUILD_OS_CODENAME=jammy
 EXPOSE $VNC_PORT
 WORKDIR $HOME
 ### REQUIRED STUFF ###
 RUN apt-get update && apt-get install -y supervisor xfce4 xfce4-terminal xterm libnss-wrapper gettext libjpeg-dev wget
 RUN apt-get purge -y pm-utils xscreensaver*
 RUN echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
 RUN mkdir -p $STARTUPDIR
 COPY startup/ $STARTUPDIR
 ### START CUSTOM STUFF ####
 COPY build/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz /tmp/
 RUN tar -xzvf /tmp/kasmvnc.${KASMVNC_BUILD_OS}_${KASMVNC_BUILD_OS_CODENAME}.tar.gz --strip 1 -C /
 ### END CUSTOM STUFF ###
 RUN chown -R 1000:0 $HOME
 USER 1000
 WORKDIR $HOME
 ENTRYPOINT [ "/dockerstartup/vnc_startup.sh" ]
--- a/builder/startup/deb/cli-processing.sh
+++ b/builder/startup/deb/cli-processing.sh
@@ -0,0 +1,50 @@
 #!/bin/bash
 debug() {
  if [ -z "$debug" ]; then return; fi
  echo "$@"
 }
 enable_debug() {
  debug=1
  log_option="-log *:stderr:100"
 }
 kill_vnc_server() {
  vncserver -kill $display
 }
 process_cli_options() {
  for option in "$@"; do
    case "$option" in
      --help)
        show_help
        exit
        ;;
      -d|--debug)
        enable_debug
        ;;
      -k|--kill)
        kill_vnc_server
        exit
        ;;
      -s|--select-de)
        action=select-de-and-start
        ;;
      *)
        echo >&2 "Unsupported argument: $option"
        exit 1
    esac
  done
 }
 show_help() {
  cat >&2 <<-USAGE
 Usage: $(basename "$0") [options]
  -d, --debug      Debug output
  -k, --kill       Kill vncserver
  -s, --select-de  Select desktop environent to run
  --help           Show this help
 USAGE
 }
--- a/builder/startup/deb/kasmvncserver-easy-start
+++ b/builder/startup/deb/kasmvncserver-easy-start
@@ -4,43 +4,8 @@ set -e
 display=:10
 interface=0.0.0.0
 cert_group=ssl-cert
 if [[ "$1" = "--help" ]]; then
  cat >&2 <<-USAGE
 Usage: `basename $0` [options]
  -d     Debug output
  -kill  Kill vncserver
  --help show this help
 USAGE
  exit
 fi
 if [[ "$1" = "-d" ]]; then
  log_option="-log *:stderr:100"
 fi
 action=start
 if [[ "$1" = "-kill" ]]; then
  action=kill
 fi
 if groups | grep -qvw ssl-cert; then
  cat <<-EOF
    Can't access TLS certificate.
    Please add your user to $cert_group via 'addgroup <user> ssl-cert'
 EOF
  exit 1
 fi
 if [[ "$action" = "kill" ]]; then
  vncserver -kill $display
  exit
 fi
 vncserver $display -interface $interface
 vncserver -kill $display
 vncserver $display -depth 24 -geometry 1280x1050 -websocketPort 8443 \
  -cert /etc/ssl/certs/ssl-cert-snakeoil.pem \
  -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 \
-  -interface $interface -httpd /usr/share/kasmvnc/www $log_option
+  -interface $interface -httpd /usr/share/kasmvnc/www
--- a/builder/startup/deb/select-de.sh
+++ b/builder/startup/deb/select-de.sh
@@ -0,0 +1,258 @@
 #!/bin/bash
 set -e
 xstartup_script=~/.vnc/xstartup
 de_was_selected_file="$HOME/.vnc/.de-was-selected"
 debug() {
  if [ -z "$debug" ]; then return; fi
  echo "$@"
 }
 enable_debug() {
  debug=1
 }
 process_cli_options() {
  while [ $# -gt 0 ]; do
    local option="$1"
    shift
    case "$option" in
      --help|-h)
        show_help
        exit
        ;;
      -d|--debug)
        enable_debug
        ;;
      -y|--assume-yes)
        assume_yes=1
        ;;
      -s|--select-de)
        action=select-de
        if [[ -n "$1" && "${1:0:1}" != "-" ]]; then
          selected_de="$1"
          assume_yes_for_xstartup_overwrite=1
          if [ "$selected_de" = "manual" ]; then
            selected_de="$manual_xstartup_choice"
          fi
          shift
        fi
        ;;
      *)
        echo >&2 "Unsupported argument: $option"
        exit 1
    esac
  done
 }
 show_help() {
  cat >&2 <<-USAGE
 Usage: $(basename "$0") [options]
  -d, --debug      Debug output
  -y, --assume-yes Automatic "yes" to prompts
  -s, --select-de  Select desktop environent to run
  --help           Show this help
 USAGE
 }
 add_uppercase_desktop_environment_keys() {
  local de_cmd
  for de in "${!all_desktop_environments[@]}"; do
    de_cmd=${all_desktop_environments[$de]};
    all_desktop_environments[${de^^}]="$de_cmd"
  done
 }
 process_cli_options "$@"
 manual_xstartup_choice="Manually edit xstartup"
 declare -A all_desktop_environments=(
  [Cinnamon]="exec cinnamon-session"
  [Mate]="XDG_CURRENT_DESKTOP=MATE exec dbus-launch --exit-with-session mate-session"
  [LXDE]="exec lxsession"
  [Lxqt]="exec startlxqt"
  [KDE]="exec startkde"
  [Gnome]="XDG_CURRENT_DESKTOP=GNOME exec dbus-launch --exit-with-session /usr/bin/gnome-session"
  [XFCE]="exec xfce4-session")
 readarray -t sorted_desktop_environments < <(for de in "${!all_desktop_environments[@]}"; do echo "$de"; done | sort)
 all_desktop_environments[$manual_xstartup_choice]=""
 sorted_desktop_environments+=("$manual_xstartup_choice")
 add_uppercase_desktop_environment_keys
 detected_desktop_environments=()
 declare -A numbered_desktop_environments
 print_detected_desktop_environments() {
  declare -i i=1
  echo "Please choose Desktop Environment to run:"
  for detected_de in "${detected_desktop_environments[@]}"; do
    echo "[$i] $detected_de"
    numbered_desktop_environments[$i]=$detected_de
    i+=1
  done
 }
 detect_desktop_environments() {
  for de_name in "${sorted_desktop_environments[@]}"; do
    if [[ "$de_name" = "$manual_xstartup_choice" ]]; then
      detected_desktop_environments+=("$de_name")
      continue;
    fi
    local executable=${all_desktop_environments[$de_name]}
    executable=($executable)
    executable=${executable[-1]}
    if detect_desktop_environment "$de_name" "$executable"; then
      detected_desktop_environments+=("$de_name")
    fi
  done
 }
 ask_user_to_choose_de() {
  while : ; do
    print_detected_desktop_environments
    read -r de_number_to_run
    de_name_from_number "$de_number_to_run"
    if [[ -n "$de_name" ]]; then
      break;
    fi
    echo "Incorrect number: $de_number_to_run"
    echo
  done
 }
 remember_de_choice() {
  touch "$de_was_selected_file"
 }
 de_was_selected_on_previous_run() {
  [[ -f "$de_was_selected_file" ]]
 }
 detect_desktop_environment() {
  local de_name="$1"
  local executable="$2"
  if command -v "$executable" &>/dev/null; then
    return 0
  fi
  return 1
 }
 did_user_forbid_replacing_xstartup() {
  grep -q -v KasmVNC-safe-to-replace-this-file "$xstartup_script"
 }
 de_cmd_from_name() {
  de_cmd=${all_desktop_environments[${de_name^^}]}
 }
 de_name_from_number() {
  local de_number_to_run="$1"
  de_name=${numbered_desktop_environments[$de_number_to_run]}
 }
 warn_xstartup_will_be_overwriten() {
  if [[ -n "$assume_yes" || -n "$assume_yes_for_xstartup_overwrite" ]]; then
    return 0
  fi
  if [ ! -f "$xstartup_script" ]; then
    return 0
  fi
  echo -n "WARNING: $xstartup_script will be overwritten y/N?"
  read -r do_overwrite_xstartup
  if [[ "$do_overwrite_xstartup" = "y" || "$do_overwrite_xstartup" = "Y" ]]; then
    return 0
  fi
  return 1
 }
 setup_de_to_run_via_xstartup() {
  warn_xstartup_will_be_overwriten
  generate_xstartup "$de_name"
 }
 generate_xstartup() {
  local de_name="$1"
  de_cmd_from_name
  cat <<-SCRIPT > "$xstartup_script"
 #!/bin/sh
 $de_cmd
 SCRIPT
  chmod +x "$xstartup_script"
 }
 user_asked_to_select_de() {
  [[ "$action" = "select-de" ]]
 }
 user_specified_de() {
  [ -n "$selected_de" ]
 }
 check_de_name_is_valid() {
  local selected_de="$1"
  local de_cmd=${all_desktop_environments["${selected_de^^}"]:-}
  if [ -z "$de_cmd" ]; then
    echo >&2 "'$selected_de': not supported Desktop Environment"
    return 1
  fi
 }
 de_installed() {
  local de_name="${1^^}"
  for de in "${detected_desktop_environments[@]}"; do
    if [ "${de^^}" = "$de_name" ]; then
      return 0
    fi
  done
  return 1
 }
 check_de_installed() {
  local de_name="$1"
  if ! de_installed "$de_name"; then
    echo >&2 "'$de_name': Desktop Environment not installed"
    return 1
  fi
 }
 if user_asked_to_select_de || ! de_was_selected_on_previous_run; then
  if user_specified_de; then
    check_de_name_is_valid "$selected_de"
  fi
  detect_desktop_environments
  if user_specified_de; then
    check_de_installed "$selected_de"
    de_name="$selected_de"
  else
    ask_user_to_choose_de
  fi
  debug "You selected $de_name desktop environment"
  if [[ "$de_name" != "$manual_xstartup_choice" ]]; then
    setup_de_to_run_via_xstartup
  fi
  remember_de_choice
 fi
--- a/builder/startup/vnc_startup.sh
+++ b/builder/startup/vnc_startup.sh
@@ -61,9 +61,6 @@ kasmvncpasswd -d -u "$VNC_USER-to-delete" $HOME/.kasmpasswd
 chmod 0600 $HOME/.kasmpasswd
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $HOME/.vnc/self.pem -out $HOME/.vnc/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
 vncserver :1 -interface 0.0.0.0
 vncserver -kill :1
 if [[ -f $PASSWD_PATH ]]; then
    rm -f $PASSWD_PATH
 fi
@@ -86,10 +83,10 @@ vncserver -kill $DISPLAY &> $HOME/.vnc/vnc_startup.log \
 detect_www_dir
 detect_cert_location
-[ -n "$KASMVNC_VERBOSE_LOGGING" ] && verbose_logging_option="-log *:stderr:100"
+[ -n "$KASMVNC_VERBOSE_LOGGING" ] && verbose_logging_option="-debug"
 echo -e "start vncserver with param: VNC_COL_DEPTH=$VNC_COL_DEPTH, VNC_RESOLUTION=$VNC_RESOLUTION\n..."
-vncserver $DISPLAY -depth $VNC_COL_DEPTH -geometry $VNC_RESOLUTION -FrameRate=$MAX_FRAME_RATE -websocketPort $VNC_PORT $cert_option -sslOnly -interface 0.0.0.0 $VNCOPTIONS $package_www_dir_option $verbose_logging_option #&> $STARTUPDIR/no_vnc_startup.log
+vncserver $DISPLAY -select-de xfce -depth $VNC_COL_DEPTH -geometry $VNC_RESOLUTION -FrameRate=$MAX_FRAME_RATE -websocketPort $VNC_PORT $cert_option -sslOnly -interface 0.0.0.0 $VNCOPTIONS $package_www_dir_option $verbose_logging_option #&> $STARTUPDIR/no_vnc_startup.log
 PID_SUN=$!
--- a/builder/test-vncserver
+++ b/builder/test-vncserver
@@ -0,0 +1,15 @@
 #!/bin/bash
 set -e
 cd "$(dirname "$0")"
 . ./os_ver_cli.sh
 docker build --build-arg KASMVNC_PACKAGE_DIR="build/${os_codename}" \
  -t kasmvnctester_${os}:$os_codename \
  -f dockerfile.${os}_${os_codename}.vncserver.test .
 docker run -it -v $(realpath ${PWD}/..):/src -p 8443:8443 -p 8444:8444 \
  -p 8445:8445 --rm \
  -e KASMVNC_VERBOSE_LOGGING=$KASMVNC_VERBOSE_LOGGING \
  -e "VNC_USER=foo" -e "VNC_PW=foobar" \
  kasmvnctester_${os}:$os_codename
--- a/centos/kasmvncserver.spec
+++ b/centos/kasmvncserver.spec
@@ -7,7 +7,7 @@ License: GPLv2+
 URL: https://github.com/kasmtech/KasmVNC
 BuildRequires: rsync
-Requires: xorg-x11-xauth, xorg-x11-xkb-utils, xkeyboard-config, xorg-x11-server-utils, openssl, perl
+Requires: xorg-x11-xauth, xorg-x11-xkb-utils, xkeyboard-config, xorg-x11-server-utils, openssl, perl, perl-Switch, rpmfusion-free-release, perl-Hash-Merge-Simple, perl-Scalar-List-Utils
 Conflicts: tigervnc-server, tigervnc-server-minimal
 %description
@@ -48,12 +48,12 @@ DESTDIR=$RPM_BUILD_ROOT
 DST_MAN=$DESTDIR/usr/share/man/man1
 mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
-  $DESTDIR/usr/share/doc/kasmvncserver
+  $DESTDIR/usr/share/doc/kasmvncserver $DESTDIR/usr/lib
 cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
 cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
 cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
 cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
-cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
+cp -r $SRC/lib/kasmvnc/ $DESTDIR/usr/lib/kasmvncserver
 cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
 cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
 rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
@@ -63,12 +63,11 @@ cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
 cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
 cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
 cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
 cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
 cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %files
 /usr/bin/*
 /usr/lib/kasmvncserver
 /usr/share/man/man1/*
 /usr/share/kasmvnc/www
@@ -76,7 +75,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Tue Mar 22 2022 KasmTech <info@kasmweb.com> - 0.9.3~beta-1
 * Fri Feb 12 2021 KasmTech <info@kasmweb.com> - 0.9.1~beta-1
 - Initial release of the rpm package.
--- a/common/network/Blacklist.cxx
+++ b/common/network/Blacklist.cxx
@@ -1,85 +0,0 @@
 /* Copyright (C) 2021 Kasm
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
 #include <arpa/inet.h>
 #include <errno.h>
 #include <netinet/tcp.h>
 #include <netdb.h>
 #include <pthread.h>
 #include <stdlib.h>
 #include <time.h>
 #include <map>
 #include <string>
 #include <network/Blacklist.h>
 #include <rfb/Blacklist.h>
 static std::map<std::string, unsigned> hits;
 static std::map<std::string, time_t> blacklist;
 static pthread_mutex_t hitmutex = PTHREAD_MUTEX_INITIALIZER;
 static pthread_mutex_t blmutex = PTHREAD_MUTEX_INITIALIZER;
 unsigned char bl_isBlacklisted(const char *addr) {
 	const unsigned char count = blacklist.count(addr);
 	if (!count)
 		return 0;
 	const time_t now = time(NULL);
 	const unsigned timeout = rfb::Blacklist::initialTimeout;
 	if (pthread_mutex_lock(&blmutex))
 		abort();
 	if (now - timeout > blacklist[addr]) {
 		blacklist.erase(addr);
 		pthread_mutex_unlock(&blmutex);
 		if (pthread_mutex_lock(&hitmutex))
 			abort();
 		hits.erase(addr);
 		pthread_mutex_unlock(&hitmutex);
 		return 0;
 	} else {
 		blacklist[addr] = now;
 		pthread_mutex_unlock(&blmutex);
 		return 1;
 	}
 }
 void bl_addFailure(const char *addr) {
 	if (!rfb::Blacklist::threshold)
 		return;
 	if (pthread_mutex_lock(&hitmutex))
 		abort();
 	const unsigned num = ++hits[addr];
 	pthread_mutex_unlock(&hitmutex);
 	if (num >= (unsigned) rfb::Blacklist::threshold) {
 		if (pthread_mutex_lock(&blmutex))
 			abort();
 		blacklist[addr] = time(NULL);
 		pthread_mutex_unlock(&blmutex);
 	}
 }
--- a/common/network/Blacklist.h
+++ b/common/network/Blacklist.h
@@ -1,33 +0,0 @@
 /* Copyright (C) 2021 Kasm
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #ifndef __NETWORK_BLACKLIST_H__
 #define __NETWORK_BLACKLIST_H__
 #ifdef __cplusplus
 extern "C" {
 #endif
 unsigned char bl_isBlacklisted(const char *);
 void bl_addFailure(const char *);
 #ifdef __cplusplus
 } // extern C
 #endif
 #endif // __NETWORK_TCP_SOCKET_H__
--- a/common/network/CMakeLists.txt
+++ b/common/network/CMakeLists.txt
@@ -2,11 +2,8 @@ include_directories(${CMAKE_SOURCE_DIR}/common ${CMAKE_SOURCE_DIR}/unix/kasmvncp
 set(NETWORK_SOURCES
  GetAPIMessager.cxx
  Blacklist.cxx
  Socket.cxx
  TcpSocket.cxx
  cJSON.c
  jsonescape.c
  websocket.c
  websockify.c
  ${CMAKE_SOURCE_DIR}/unix/kasmvncpasswd/kasmpasswd.c)
--- a/common/network/GetAPI.h
+++ b/common/network/GetAPI.h
@@ -21,7 +21,6 @@
 #include <kasmpasswd.h>
 #include <pthread.h>
 #include <network/GetAPIEnums.h>
 #include <rfb/PixelBuffer.h>
 #include <rfb/PixelFormat.h>
 #include <stdint.h>
@@ -53,21 +52,17 @@ namespace network {
    uint8_t *netGetScreenshot(uint16_t w, uint16_t h,
                              const uint8_t q, const bool dedup,
                              uint32_t &len, uint8_t *staging);
-    uint8_t netAddUser(const char name[], const char pw[],
+    uint8_t netAddUser(const char name[], const char pw[], const bool write);
                       const bool read, const bool write, const bool owner);
    uint8_t netRemoveUser(const char name[]);
-    uint8_t netUpdateUser(const char name[], const uint64_t mask,
+    uint8_t netGiveControlTo(const char name[]);
                          const char password[],
                          const bool read, const bool write, const bool owner);
    uint8_t netAddOrUpdateUser(const struct kasmpasswd_entry_t *entry);
    void netGetUsers(const char **ptr);
    void netGetBottleneckStats(char *buf, uint32_t len);
    void netGetFrameStats(char *buf, uint32_t len);
    void netResetFrameStatsCall();
    uint8_t netServerFrameStatsReady();
    enum USER_ACTION {
-      NONE,
+      //USER_ADD, - handled locally for interactivity
      USER_REMOVE,
      USER_GIVE_CONTROL,
      WANT_FRAME_STATS_SERVERONLY,
      WANT_FRAME_STATS_ALL,
      WANT_FRAME_STATS_OWNER,
--- a/common/network/GetAPIEnums.h
+++ b/common/network/GetAPIEnums.h
@@ -1,30 +0,0 @@
 /* Copyright (C) 2021 Kasm
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #ifndef __NETWORK_GET_API_ENUMS_H__
 #define __NETWORK_GET_API_ENUMS_H__
 // Enums that need accessibility from both C and C++.
 enum USER_UPDATE_MASK {
 	USER_UPDATE_WRITE_MASK = 1 << 0,
 	USER_UPDATE_OWNER_MASK = 1 << 1,
 	USER_UPDATE_PASSWORD_MASK = 1 << 2,
 	USER_UPDATE_READ_MASK = 1 << 3,
 };
 #endif
--- a/common/network/GetAPIMessager.cxx
+++ b/common/network/GetAPIMessager.cxx
@@ -20,7 +20,6 @@
 #include <inttypes.h>
 #include <network/GetAPI.h>
 #include <network/jsonescape.h>
 #include <rfb/ConnParams.h>
 #include <rfb/EncodeManager.h>
 #include <rfb/LogWriter.h>
@@ -264,9 +263,10 @@ uint8_t *GetAPIMessager::netGetScreenshot(uint16_t w, uint16_t h,
 	return ret;
 }
-uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
+#define USERNAME_LEN sizeof(((struct kasmpasswd_entry_t *)0)->user)
-					const bool read, const bool write,
+#define PASSWORD_LEN sizeof(((struct kasmpasswd_entry_t *)0)->password)
-					const bool owner) {
+
 uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[], const bool write) {
 	if (strlen(name) >= USERNAME_LEN) {
 		vlog.error("Username too long");
 		return 0;
@@ -280,17 +280,14 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
 	if (!passwdfile)
 		return 0;
 	uint8_t ret = 1;
 	action_data act;
 	memcpy(act.data.user, name, USERNAME_LEN);
 	act.data.user[USERNAME_LEN - 1] = '\0';
 	memcpy(act.data.password, pw, PASSWORD_LEN);
 	act.data.password[PASSWORD_LEN - 1] = '\0';
-	act.data.owner = owner;
+	act.data.owner = 0;
 	act.data.write = write;
 	act.data.read = read;
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
@@ -302,9 +299,8 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
        struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
        unsigned s;
        for (s = 0; s < set->num; s++) {
-          if (!strcmp(set->entries[s].user, name)) {
+          if (!strcmp(set->entries[s].user, act.data.user)) {
-            vlog.error("Can't create user %s, already exists", name);
+            vlog.error("Can't create user %s, already exists", act.data.user);
            ret = 0;
            goto out;
          }
        }
@@ -315,14 +311,11 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[],
        set->entries[s] = act.data;
        writekasmpasswd(passwdfile, set);
-        vlog.info("User %s created", name);
+        vlog.info("User %s created", act.data.user);
 out:
 	pthread_mutex_unlock(&userMutex);
-	free(set->entries);
+	return 1;
 	free(set);
 	return ret;
 }
 uint8_t GetAPIMessager::netRemoveUser(const char name[]) {
@@ -331,189 +324,44 @@ uint8_t GetAPIMessager::netRemoveUser(const char name[]) {
 		return 0;
 	}
 	action_data act;
 	act.action = USER_REMOVE;
 	memcpy(act.data.user, name, USERNAME_LEN);
 	act.data.user[USERNAME_LEN - 1] = '\0';
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
-	struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
+	actionQueue.push_back(act);
 	bool found = false;
 	unsigned s;
 	for (s = 0; s < set->num; s++) {
 		if (!strcmp(set->entries[s].user, name)) {
 			set->entries[s].user[0] = '\0';
 			found = true;
 			break;
 		}
 	}
 	if (found) {
 		writekasmpasswd(passwdfile, set);
 		vlog.info("User %s removed", name);
 	} else {
 		vlog.error("Tried to remove nonexistent user %s", name);
 		pthread_mutex_unlock(&userMutex);
 		free(set->entries);
 		free(set);
 		return 0;
 	}
 	pthread_mutex_unlock(&userMutex);
 	free(set->entries);
 	free(set);
 	return 1;
 }
-uint8_t GetAPIMessager::netUpdateUser(const char name[], const uint64_t mask,
+uint8_t GetAPIMessager::netGiveControlTo(const char name[]) {
 	                              const char password[],
 	                              const bool read, const bool write, const bool owner) {
 	if (strlen(name) >= USERNAME_LEN) {
 		vlog.error("Username too long");
 		return 0;
 	}
-	if (strlen(password) >= PASSWORD_LEN) {
+	action_data act;
-		vlog.error("Password too long");
+	act.action = USER_GIVE_CONTROL;
 		return 0;
 	}
-	if (!mask) {
+	memcpy(act.data.user, name, USERNAME_LEN);
-		vlog.error("Update_user without any updates?");
+	act.data.user[USERNAME_LEN - 1] = '\0';
 		return 0;
 	}
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
-	struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
+	actionQueue.push_back(act);
 	bool found = false;
 	unsigned s;
 	for (s = 0; s < set->num; s++) {
 		if (!strcmp(set->entries[s].user, name)) {
 			if (mask & USER_UPDATE_READ_MASK)
 				set->entries[s].read = read;
 			if (mask & USER_UPDATE_WRITE_MASK)
 				set->entries[s].write = write;
 			if (mask & USER_UPDATE_OWNER_MASK)
 				set->entries[s].owner = owner;
 			if (mask & USER_UPDATE_PASSWORD_MASK)
 				strcpy(set->entries[s].password, password);
 			found = true;
 			break;
 		}
 	}
 	if (found) {
 		writekasmpasswd(passwdfile, set);
 		vlog.info("User %s permissions updated", name);
 	} else {
 		vlog.error("Tried to update nonexistent user %s", name);
 		pthread_mutex_unlock(&userMutex);
 		free(set->entries);
 		free(set);
 		return 0;
 	}
 	pthread_mutex_unlock(&userMutex);
 	free(set->entries);
 	free(set);
 	return 1;
 }
 uint8_t GetAPIMessager::netAddOrUpdateUser(const struct kasmpasswd_entry_t *entry) {
 	if (pthread_mutex_lock(&userMutex))
 		return 0;
        struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
        unsigned s;
        bool updated = false;
        for (s = 0; s < set->num; s++) {
 		if (!strcmp(set->entries[s].user, entry->user)) {
 			set->entries[s] = *entry;
 			updated = true;
 			vlog.info("User %s updated", entry->user);
 			break;
 		}
        }
 	if (!updated) {
 	        s = set->num++;
 		set->entries = (struct kasmpasswd_entry_t *) realloc(set->entries,
 									set->num * sizeof(struct kasmpasswd_entry_t));
 		set->entries[s] = *entry;
 	        vlog.info("User %s created", entry->user);
        }
 	writekasmpasswd(passwdfile, set);
 	pthread_mutex_unlock(&userMutex);
 	free(set->entries);
 	free(set);
 	return 1;
 }
 void GetAPIMessager::netGetUsers(const char **outptr) {
 /*
 [
    { "user": "username", "write": true, "owner": true },
    { "user": "username", "write": true, "owner": true }
 ]
 */
 	char *buf;
 	char escapeduser[USERNAME_LEN * 2];
 	if (pthread_mutex_lock(&userMutex)) {
 		*outptr = (char *) calloc(1, 1);
 		return;
 	}
 	struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
 	buf = (char *) calloc(set->num, 80);
 	FILE *f = fmemopen(buf, set->num * 80, "w");
 	fprintf(f, "[\n");
 	unsigned s;
 	for (s = 0; s < set->num; s++) {
 		JSON_escape(set->entries[s].user, escapeduser);
 		fprintf(f, "    { \"user\": \"%s\", \"read\": %s, \"write\": %s, \"owner\": %s }",
 			escapeduser,
 			set->entries[s].read ? "true" : "false",
 			set->entries[s].write ? "true" : "false",
 			set->entries[s].owner ? "true" : "false");
 		if (s == set->num - 1)
 			fprintf(f, "\n");
 		else
 			fprintf(f, ",\n");
 	}
 	free(set->entries);
 	free(set);
 	fprintf(f, "]\n");
 	fclose(f);
 	pthread_mutex_unlock(&userMutex);
 	*outptr = buf;
 }
 void GetAPIMessager::netGetBottleneckStats(char *buf, uint32_t len) {
 /*
 {
@@ -692,15 +540,6 @@ out:
 	pthread_mutex_unlock(&frameStatMutex);
 }
 void GetAPIMessager::netResetFrameStatsCall() {
 	if (pthread_mutex_lock(&frameStatMutex))
 		return;
 	serverFrameStats.inprogress = 0;
 	pthread_mutex_unlock(&frameStatMutex);
 }
 uint8_t GetAPIMessager::netRequestFrameStats(USER_ACTION what, const char *client) {
 	// Return 1 for success
 	action_data act;
--- a/common/network/TcpSocket.cxx
+++ b/common/network/TcpSocket.cxx
@@ -443,10 +443,10 @@ static uint8_t *screenshotCb(void *messager, uint16_t w, uint16_t h, const uint8
 }
 static uint8_t adduserCb(void *messager, const char name[], const char pw[],
-                          const uint8_t read, const uint8_t write, const uint8_t owner)
+                          const uint8_t write)
 {
  GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  return msgr->netAddUser(name, pw, read, write, owner);
+  return msgr->netAddUser(name, pw, write);
 }
 static uint8_t removeCb(void *messager, const char name[])
@@ -455,24 +455,10 @@ static uint8_t removeCb(void *messager, const char name[])
  return msgr->netRemoveUser(name);
 }
-static uint8_t updateUserCb(void *messager, const char name[], const uint64_t mask,
+static uint8_t givecontrolCb(void *messager, const char name[])
                            const char password[],
                            const uint8_t read, const uint8_t write, const uint8_t owner)
 {
  GetAPIMessager *msgr = (GetAPIMessager *) messager;
-  return msgr->netUpdateUser(name, mask, password, read, write, owner);
+  return msgr->netGiveControlTo(name);
 }
 static uint8_t addOrUpdateUserCb(void *messager, const struct kasmpasswd_entry_t *entry)
 {
  GetAPIMessager *msgr = (GetAPIMessager *) messager;
  return msgr->netAddOrUpdateUser(entry);
 }
 static void getUsersCb(void *messager, const char **ptr)
 {
  GetAPIMessager *msgr = (GetAPIMessager *) messager;
  msgr->netGetUsers(ptr);
 }
 static void bottleneckStatsCb(void *messager, char *buf, uint32_t len)
@@ -487,12 +473,6 @@ static void frameStatsCb(void *messager, char *buf, uint32_t len)
  msgr->netGetFrameStats(buf, len);
 }
 static void resetFrameStatsCb(void *messager)
 {
  GetAPIMessager *msgr = (GetAPIMessager *) messager;
  msgr->netResetFrameStatsCall();
 }
 static uint8_t requestFrameStatsNoneCb(void *messager)
 {
  GetAPIMessager *msgr = (GetAPIMessager *) messager;
@@ -633,12 +613,9 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
  settings.screenshotCb = screenshotCb;
  settings.adduserCb = adduserCb;
  settings.removeCb = removeCb;
-  settings.updateUserCb = updateUserCb;
+  settings.givecontrolCb = givecontrolCb;
  settings.addOrUpdateUserCb = addOrUpdateUserCb;
  settings.getUsersCb = getUsersCb;
  settings.bottleneckStatsCb = bottleneckStatsCb;
  settings.frameStatsCb = frameStatsCb;
  settings.resetFrameStatsCb = resetFrameStatsCb;
  settings.requestFrameStatsNoneCb = requestFrameStatsNoneCb;
  settings.requestFrameStatsOwnerCb = requestFrameStatsOwnerCb;
@@ -931,8 +908,6 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
      freeaddrinfo(ai);
      throw;
    }
    freeaddrinfo(ai);
  }
 }
--- a/common/network/cJSON.c
+++ b/common/network/cJSON.c
--- a/common/network/cJSON.h
+++ b/common/network/cJSON.h
@@ -1,295 +0,0 @@
 /*
  Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal
  in the Software without restriction, including without limitation the rights
  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  copies of the Software, and to permit persons to whom the Software is
  furnished to do so, subject to the following conditions:
  The above copyright notice and this permission notice shall be included in
  all copies or substantial portions of the Software.
  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  THE SOFTWARE.
 */
 // 2fc55f6 from Jan 20, 2022
 #ifndef cJSON__h
 #define cJSON__h
 #ifdef __cplusplus
 extern "C"
 {
 #endif
 #if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32))
 #define __WINDOWS__
 #endif
 #ifdef __WINDOWS__
 /* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention.  For windows you have 3 define options:
 CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols
 CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default)
 CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol
 For *nix builds that support visibility attribute, you can define similar behavior by
 setting default visibility to hidden by adding
 -fvisibility=hidden (for gcc)
 or
 -xldscope=hidden (for sun cc)
 to CFLAGS
 then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does
 */
 #define CJSON_CDECL __cdecl
 #define CJSON_STDCALL __stdcall
 /* export symbols by default, this is necessary for copy pasting the C and header file */
 #if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS)
 #define CJSON_EXPORT_SYMBOLS
 #endif
 #if defined(CJSON_HIDE_SYMBOLS)
 #define CJSON_PUBLIC(type)   type CJSON_STDCALL
 #elif defined(CJSON_EXPORT_SYMBOLS)
 #define CJSON_PUBLIC(type)   __declspec(dllexport) type CJSON_STDCALL
 #elif defined(CJSON_IMPORT_SYMBOLS)
 #define CJSON_PUBLIC(type)   __declspec(dllimport) type CJSON_STDCALL
 #endif
 #else /* !__WINDOWS__ */
 #define CJSON_CDECL
 #define CJSON_STDCALL
 #if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY)
 #define CJSON_PUBLIC(type)   __attribute__((visibility("default"))) type
 #else
 #define CJSON_PUBLIC(type) type
 #endif
 #endif
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 7
 #define CJSON_VERSION_PATCH 15
 #include <stddef.h>
 /* cJSON Types: */
 #define cJSON_Invalid (0)
 #define cJSON_False  (1 << 0)
 #define cJSON_True   (1 << 1)
 #define cJSON_NULL   (1 << 2)
 #define cJSON_Number (1 << 3)
 #define cJSON_String (1 << 4)
 #define cJSON_Array  (1 << 5)
 #define cJSON_Object (1 << 6)
 #define cJSON_Raw    (1 << 7) /* raw json */
 #define cJSON_IsReference 256
 #define cJSON_StringIsConst 512
 /* The cJSON structure: */
 typedef struct cJSON
 {
    /* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */
    struct cJSON *next;
    struct cJSON *prev;
    /* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */
    struct cJSON *child;
    /* The type of the item, as above. */
    int type;
    /* The item's string, if type==cJSON_String  and type == cJSON_Raw */
    char *valuestring;
    /* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */
    int valueint;
    /* The item's number, if type==cJSON_Number */
    double valuedouble;
    /* The item's name string, if this item is the child of, or is in the list of subitems of an object. */
    char *string;
 } cJSON;
 typedef struct cJSON_Hooks
 {
      /* malloc/free are CDECL on Windows regardless of the default calling convention of the compiler, so ensure the hooks allow passing those functions directly. */
      void *(CJSON_CDECL *malloc_fn)(size_t sz);
      void (CJSON_CDECL *free_fn)(void *ptr);
 } cJSON_Hooks;
 typedef int cJSON_bool;
 /* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them.
 * This is to prevent stack overflows. */
 #ifndef CJSON_NESTING_LIMIT
 #define CJSON_NESTING_LIMIT 1000
 #endif
 /* returns the version of cJSON as a string */
 CJSON_PUBLIC(const char*) cJSON_Version(void);
 /* Supply malloc, realloc and free functions to cJSON */
 CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
 /* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
 /* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
 CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
 CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length);
 /* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
 /* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
 CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
 CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated);
 /* Render a cJSON entity to text for transfer/storage. */
 CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
 /* Render a cJSON entity to text for transfer/storage without any formatting. */
 CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item);
 /* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */
 CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt);
 /* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */
 /* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */
 CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format);
 /* Delete a cJSON entity and all subentities. */
 CJSON_PUBLIC(void) cJSON_Delete(cJSON *item);
 /* Returns the number of items in an array (or object). */
 CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array);
 /* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */
 CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index);
 /* Get item "string" from object. Case insensitive. */
 CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string);
 CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string);
 CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string);
 /* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */
 CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void);
 /* Check item type and return its value */
 CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item);
 CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item);
 /* These functions check the type of an item */
 CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item);
 CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item);
 /* These calls create a cJSON item of the appropriate type. */
 CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void);
 CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void);
 CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void);
 CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean);
 CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num);
 CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string);
 /* raw json */
 CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw);
 CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void);
 CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void);
 /* Create a string where valuestring references a string so
 * it will not be freed by cJSON_Delete */
 CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string);
 /* Create an object/array that only references it's elements so
 * they will not be freed by cJSON_Delete */
 CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child);
 CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child);
 /* These utilities create an Array of count items.
 * The parameter count cannot be greater than the number of elements in the number array, otherwise array access will be out of bounds.*/
 CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count);
 CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count);
 CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count);
 CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count);
 /* Append item to the specified array/object. */
 CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item);
 CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item);
 /* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object.
 * WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before
 * writing to `item->string` */
 CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item);
 /* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */
 CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item);
 CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item);
 /* Remove/Detach items from Arrays/Objects. */
 CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item);
 CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which);
 CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which);
 CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string);
 CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string);
 CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string);
 CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string);
 /* Update array items. */
 CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */
 CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement);
 CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem);
 CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem);
 CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem);
 /* Duplicate a cJSON item */
 CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse);
 /* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will
 * need to be released. With recurse!=0, it will duplicate any children connected to the item.
 * The item->next and ->prev pointers are always zero on return from Duplicate. */
 /* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal.
 * case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */
 CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
 /* Minify a strings, remove blank characters(such as ' ', '\t', '\r', '\n') from strings.
 * The input pointer json cannot point to a read-only address area, such as a string constant, 
 * but should point to a readable and writable address area. */
 CJSON_PUBLIC(void) cJSON_Minify(char *json);
 /* Helper functions for creating and adding items to an object at the same time.
 * They return the added item or NULL on failure. */
 CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name);
 CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name);
 CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name);
 CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean);
 CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number);
 CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string);
 CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw);
 CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name);
 CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name);
 /* When assigning an integer value, it needs to be propagated to valuedouble too. */
 #define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number))
 /* helper for the cJSON_SetNumberValue macro */
 CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number);
 #define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number))
 /* Change the valuestring of a cJSON_String object, only takes effect when type of object is cJSON_String */
 CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring);
 /* Macro for iterating over an array or object */
 #define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next)
 /* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */
 CJSON_PUBLIC(void *) cJSON_malloc(size_t size);
 CJSON_PUBLIC(void) cJSON_free(void *object);
 #ifdef __cplusplus
 }
 #endif
 #endif
--- a/common/network/datelog.h
+++ b/common/network/datelog.h
@@ -1,25 +0,0 @@
 /* Copyright (C) 2022 Kasm
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #ifndef NETWORK_DATELOG_H
 #define NETWORK_DATELOG_H
 // 2022-05-18 19:51:26
 #define DATELOGFMT "%Y-%m-%d %H:%M:%S"
 #endif
--- a/common/network/jsonescape.c
+++ b/common/network/jsonescape.c
@@ -1,179 +0,0 @@
 /* Copyright (C) 2022 Kasm
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "jsonescape.h"
 #include "cJSON.h"
 void JSON_escape(const char *in, char *out) {
 	for (; *in; in++) {
 		if (in[0] == '\b') {
 			*out++ = '\\';
 			*out++ = 'b';
 		} else if (in[0] == '\f') {
 			*out++ = '\\';
 			*out++ = 'f';
 		} else if (in[0] == '\n') {
 			*out++ = '\\';
 			*out++ = 'n';
 		} else if (in[0] == '\r') {
 			*out++ = '\\';
 			*out++ = 'r';
 		} else if (in[0] == '\t') {
 			*out++ = '\\';
 			*out++ = 't';
 		} else if (in[0] == '"') {
 			*out++ = '\\';
 			*out++ = '"';
 		} else if (in[0] == '\\') {
 			*out++ = '\\';
 			*out++ = '\\';
 		} else {
 			*out++ = *in;
 		}
 	}
 	*out = '\0';
 }
 void JSON_unescape(const char *in, char *out) {
 	for (; *in; in++) {
 		if (in[0] == '\\' && in[1] == 'b') {
 			*out++ = '\b';
 			in++;
 		} else if (in[0] == '\\' && in[1] == 'f') {
 			*out++ = '\f';
 			in++;
 		} else if (in[0] == '\\' && in[1] == 'n') {
 			*out++ = '\n';
 			in++;
 		} else if (in[0] == '\\' && in[1] == 'r') {
 			*out++ = '\r';
 			in++;
 		} else if (in[0] == '\\' && in[1] == 't') {
 			*out++ = '\t';
 			in++;
 		} else if (in[0] == '\\' && in[1] == '"') {
 			*out++ = '"';
 			in++;
 		} else if (in[0] == '\\' && in[1] == '\\') {
 			*out++ = '\\';
 			in++;
 		} else {
 			*out++ = *in;
 		}
 	}
 	*out = '\0';
 }
 struct kasmpasswd_t *parseJsonUsers(const char *data) {
 	cJSON *json = cJSON_Parse(data);
 	if (!json)
 		return NULL;
 	if (!(json->type & cJSON_Array))
 		return NULL;
 	struct kasmpasswd_t *set = calloc(sizeof(struct kasmpasswd_t), 1);
 	set->num = cJSON_GetArraySize(json);
 	set->entries = calloc(sizeof(struct kasmpasswd_entry_t), set->num);
 	cJSON *cur;
 	unsigned s, len;
 	for (cur = json->child, s = 0; cur; cur = cur->next, s++) {
 		if (!(cur->type & cJSON_Object))
 			goto fail;
 		cJSON *e;
 		struct kasmpasswd_entry_t * const entry = &set->entries[s];
 		entry->user[0] = '\0';
 		entry->password[0] = '\0';
 		entry->write = entry->owner = 0;
 		for (e = cur->child; e; e = e->next) {
 			#define field(x) if (!strcmp(x, e->string))
 			field("user") {
 				if (!(e->type & cJSON_String))
 					goto fail;
 				len = strlen(e->valuestring);
 				//printf("Val '%.*s'\n", len, start);
 				if (len >= USERNAME_LEN)
 					goto fail;
 				memcpy(entry->user, e->valuestring, len);
 				entry->user[len] = '\0';
 			} else field("password") {
 				if (!(e->type & cJSON_String))
 					goto fail;
 				len = strlen(e->valuestring);
 				//printf("Val '%.*s'\n", len, start);
 				if (len >= PASSWORD_LEN)
 					goto fail;
 				memcpy(entry->password, e->valuestring, len);
 				entry->password[len] = '\0';
 			} else field("write") {
 				if (!(e->type & (cJSON_False | cJSON_True)))
 					goto fail;
 				if (e->type & cJSON_True)
 					entry->write = 1;
 			} else field("owner") {
 				if (!(e->type & (cJSON_False | cJSON_True)))
 					goto fail;
 				if (e->type & cJSON_True)
 					entry->owner = 1;
 			} else field("read") {
 				if (!(e->type & (cJSON_False | cJSON_True)))
 					goto fail;
 				if (e->type & cJSON_True)
 					entry->read = 1;
 			} else {
 				//printf("Unknown field '%.*s'\n", len, start);
 				goto fail;
 			}
 			#undef field
 		}
 	}
 	cJSON_Delete(json);
 	return set;
 fail:
 	free(set->entries);
 	free(set);
 	cJSON_Delete(json);
 	return NULL;
 }
--- a/common/network/jsonescape.h
+++ b/common/network/jsonescape.h
@@ -1,38 +0,0 @@
 /* Copyright (C) 2022 Kasm
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #ifndef __NETWORK_JSON_ESCAPE_H__
 #define __NETWORK_JSON_ESCAPE_H__
 #include <kasmpasswd.h>
 #include <stdint.h>
 #ifdef __cplusplus
 extern "C" {
 #endif
 void JSON_escape(const char *in, char *out);
 void JSON_unescape(const char *in, char *out);
 struct kasmpasswd_t *parseJsonUsers(const char *data);
 #ifdef __cplusplus
 } // extern C
 #endif
 #endif
--- a/common/network/websocket.c
+++ b/common/network/websocket.c
--- a/common/network/websocket.h
+++ b/common/network/websocket.h
@@ -1,7 +1,5 @@
 #include <openssl/ssl.h>
 #include <stdint.h>
 #include "GetAPIEnums.h"
 #include "datelog.h"
 #define BUFSIZE 65536
 #define DBUFSIZE (BUFSIZE * 3) / 4 - 20
@@ -67,8 +65,6 @@ struct wspass_t {
    char ip[64];
 };
 struct kasmpasswd_entry_t;
 typedef struct {
    int verbose;
    int listen_sock;
@@ -85,15 +81,11 @@ typedef struct {
                             const uint8_t dedup,
                             uint32_t *len, uint8_t *staging);
    uint8_t (*adduserCb)(void *messager, const char name[], const char pw[],
-                          const uint8_t read, const uint8_t write, const uint8_t owner);
+                          const uint8_t write);
    uint8_t (*removeCb)(void *messager, const char name[]);
-    uint8_t (*updateUserCb)(void *messager, const char name[], const uint64_t mask,
+    uint8_t (*givecontrolCb)(void *messager, const char name[]);
                           const char password[],
                           const uint8_t read, const uint8_t write, const uint8_t owner);
    uint8_t (*addOrUpdateUserCb)(void *messager, const struct kasmpasswd_entry_t *entry);
    void (*bottleneckStatsCb)(void *messager, char *buf, uint32_t len);
    void (*frameStatsCb)(void *messager, char *buf, uint32_t len);
    void (*resetFrameStatsCb)(void *messager);
    uint8_t (*requestFrameStatsNoneCb)(void *messager);
    uint8_t (*requestFrameStatsOwnerCb)(void *messager);
@@ -102,7 +94,6 @@ typedef struct {
    uint8_t (*ownerConnectedCb)(void *messager);
    uint8_t (*numActiveUsersCb)(void *messager);
    void (*getUsersCb)(void *messager, const char **buf);
    uint8_t (*getClientFrameStatsNumCb)(void *messager);
    uint8_t (*serverFrameStatsReadyCb)(void *messager);
 } settings_t;
@@ -121,24 +112,18 @@ ssize_t ws_send(ws_ctx_t *ctx, const void *buf, size_t len);
 //int b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize);
 //int b64_pton(char const *src, u_char *target, size_t targsize);
 void wslog(char *logbuf, const unsigned websocket, const uint8_t debug);
 extern __thread unsigned wsthread_handler_id;
 #define gen_handler_msg(stream, ...) \
    if (settings.verbose) { \
-        char logbuf[2][1024]; \
+        fprintf(stream, " websocket %d: ", wsthread_handler_id); \
-        wslog(logbuf[0], wsthread_handler_id, 1); \
+        fprintf(stream, __VA_ARGS__); \
        sprintf(logbuf[1], __VA_ARGS__); \
        fprintf(stream, "%s%s", logbuf[0], logbuf[1]); \
    }
 #define wserr(...) \
    { \
-        char logbuf[2][1024]; \
+        fprintf(stderr, " websocket %d: ", wsthread_handler_id); \
-        wslog(logbuf[0], wsthread_handler_id, 0); \
+        fprintf(stderr, __VA_ARGS__); \
        sprintf(logbuf[1], __VA_ARGS__); \
        fprintf(stderr, "%s%s", logbuf[0], logbuf[1]); \
    }
 #define handler_msg(...) gen_handler_msg(stderr, __VA_ARGS__);
--- a/common/rfb/InputHandler.h
+++ b/common/rfb/InputHandler.h
@@ -36,7 +36,6 @@ namespace rfb {
                          rdr::U32 __unused_attr keycode,
                          bool __unused_attr down) { }
    virtual void pointerEvent(const Point& __unused_attr pos,
 		              const Point& __unused_attr abspos,
 		              int __unused_attr buttonMask,
                              const bool __unused_attr skipClick,
                              const bool __unused_attr skipRelease,
--- a/common/rfb/Logger_file.cxx
+++ b/common/rfb/Logger_file.cxx
@@ -20,14 +20,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/time.h>
 #include <os/Mutex.h>
 #include <network/datelog.h>
 #include <rfb/util.h>
 #include <rfb/Logger_file.h>
 #include <rfb/LogWriter.h>
 using namespace rfb;
@@ -58,28 +55,14 @@ void Logger_File::write(int level, const char *logname, const char *message)
    if (!m_file) return;
  }
-  struct timeval tv;
+  time_t current = time(0);
-  gettimeofday(&tv, NULL);
+  if (current != m_lastLogTime) {
-
+    m_lastLogTime = current;
  if (tv.tv_sec != m_lastLogTime) {
    m_lastLogTime = tv.tv_sec;
 //    fprintf(m_file, "\n%s", ctime(&m_lastLogTime));
  }
-  char timebuf[128];
+  fprintf(m_file," %s:", logname);
-  struct tm local;
+  int column = strlen(logname) + 2;
  localtime_r(&tv.tv_sec, &local);
  strftime(timebuf, sizeof(timebuf), DATELOGFMT, &local);
  const unsigned msec = tv.tv_usec / 1000;
  const char *levelname = "PRIO";
  if (level >= LogWriter::LEVEL_INFO)
    levelname = "INFO";
  if (level >= LogWriter::LEVEL_DEBUG)
    levelname = "DEBUG";
  int column = fprintf(m_file, " %s,%03u [%s] %s:", timebuf, msec, levelname, logname);
  if (column < indent) {
    fprintf(m_file,"%*s",indent-column,"");
    column = indent;
--- a/common/rfb/SConnection.cxx
+++ b/common/rfb/SConnection.cxx
@@ -216,7 +216,7 @@ void SConnection::processSecurityMsg()
    bool done = ssecurity->processMsg(this);
    if (done) {
      state_ = RFBSTATE_QUERYING;
-      //setAccessRights(ssecurity->getAccessRights());
+      setAccessRights(ssecurity->getAccessRights());
      queryConnection(ssecurity->getUserName());
    }
  } catch (AuthFailureException& e) {
@@ -292,7 +292,7 @@ void SConnection::clearBinaryClipboard()
 }
 void SConnection::addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                     const rdr::U32 len, const rdr::U32 id)
+                                     const rdr::U32 len)
 {
  binaryClipboard_t bin;
  strncpy(bin.mime, mime, sizeof(bin.mime));
@@ -301,8 +301,6 @@ void SConnection::addBinaryClipboard(const char mime[], const rdr::U8 *data,
  bin.data.resize(len);
  memcpy(&bin.data[0], data, len);
  bin.id = id;
  binaryClipboard.push_back(bin);
 }
--- a/common/rfb/SConnection.h
+++ b/common/rfb/SConnection.h
@@ -76,7 +76,7 @@ namespace rfb {
    virtual void clearBinaryClipboard();
    virtual void addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                    const rdr::U32 len, const rdr::U32 id);
+                                    const rdr::U32 len);
    virtual void supportsQEMUKeyEvent();
@@ -144,6 +144,7 @@ namespace rfb {
    static const AccessRights AccessDefault;        // The default rights, INCLUDING FUTURE ONES
    static const AccessRights AccessNoQuery;        // Connect without local user accepting
    static const AccessRights AccessFull;           // All of the available AND FUTURE rights
    virtual void setAccessRights(AccessRights ar) = 0;
    // Other methods
@@ -193,7 +194,6 @@ namespace rfb {
    struct binaryClipboard_t {
        char mime[32];
        rdr::U32 id;
        std::vector<unsigned char> data;
    };
--- a/common/rfb/SMsgHandler.cxx
+++ b/common/rfb/SMsgHandler.cxx
@@ -73,7 +73,7 @@ void SMsgHandler::clearBinaryClipboard()
 }
 void SMsgHandler::addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                     const rdr::U32 len, const rdr::U32 id)
+                                     const rdr::U32 len)
 {
 }
--- a/common/rfb/SMsgHandler.h
+++ b/common/rfb/SMsgHandler.h
@@ -57,7 +57,7 @@ namespace rfb {
    virtual void handleClipboardAnnounceBinary(const unsigned num, const char mimes[][32]);
    virtual void clearBinaryClipboard();
    virtual void addBinaryClipboard(const char mime[], const rdr::U8 *data,
-                                    const rdr::U32 len, const rdr::U32 id);
+                                    const rdr::U32 len);
    virtual void sendStats(const bool toClient = true) = 0;
    virtual void handleFrameStats(rdr::U32 all, rdr::U32 render) = 0;
--- a/common/rfb/SMsgReader.cxx
+++ b/common/rfb/SMsgReader.cxx
@@ -226,8 +226,7 @@ void SMsgReader::readPointerEvent()
  int y = is->readU16();
  int scrollX = is->readS16();
  int scrollY = is->readS16();
-  
+  handler->pointerEvent(Point(x, y), mask, false, false, scrollX, scrollY);
  handler->pointerEvent(Point(x, y), Point(0, 0), mask, false, false, scrollX, scrollY);
 }
@@ -277,7 +276,7 @@ void SMsgReader::readBinaryClipboard()
    vlog.debug("Received binary clipboard, type %s, %u bytes", mime, len);
-    handler->addBinaryClipboard(mime, (rdr::U8 *) ca.buf, len, 0);
+    handler->addBinaryClipboard(mime, (rdr::U8 *) ca.buf, len);
    valid++;
  }
--- a/common/rfb/SMsgWriter.cxx
+++ b/common/rfb/SMsgWriter.cxx
@@ -92,9 +92,6 @@ void SMsgWriter::writeBinaryClipboard(const std::vector<SConnection::binaryClipb
  os->writeU8(b.size());
  rdr::U8 i;
  for (i = 0; i < b.size(); i++) {
    const rdr::U32 id = b[i].id;
    os->writeU32(id);
    const rdr::U8 mimelen = strlen(b[i].mime);
    os->writeU8(mimelen);
    os->writeBytes(b[i].mime, mimelen);
--- a/common/rfb/ServerCore.cxx
+++ b/common/rfb/ServerCore.cxx
@@ -226,4 +226,4 @@ static void bandwidthPreset() {
 rfb::PresetParameter rfb::Server::preferBandwidth
 ("PreferBandwidth",
 "Set various options for lower bandwidth use. The default is off, aka to prefer quality.",
- false, bandwidthPreset);
+ false, bandwidthPreset);
--- a/common/rfb/ServerCore.h
+++ b/common/rfb/ServerCore.h
@@ -77,6 +77,7 @@ namespace rfb {
    static BoolParameter ignoreClientSettingsKasm;
    static BoolParameter selfBench;
    static PresetParameter preferBandwidth;
  };
 };
--- a/common/rfb/VNCSConnectionST.cxx
+++ b/common/rfb/VNCSConnectionST.cxx
@@ -87,16 +87,10 @@ VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
    user[at - peerEndpoint.buf] = '\0';
  }
-  bool read, write, owner;
+  bool write, owner;
-  if (!getPerms(read, write, owner)) {
+  if (!getPerms(write, owner) || !write) {
    accessRights &= ~(WRITER_PERMS | AccessView);
  }
  if (!write) {
    accessRights &= ~WRITER_PERMS;
  }
  if (!read) {
    accessRights &= ~AccessView;
  }
  // Configure the socket
  setSocketTimeouts();
@@ -367,18 +361,17 @@ char *percentEncode4(const uint16_t *str, const unsigned len) {
 }
 static void cliplog(const char *str, const int len, const int origlen,
-                    const char *dir, const char *client, const unsigned id) {
+                    const char *dir, const char *client) {
  if (Server::DLP_ClipLog[0] == 'o')
    return;
  if (Server::DLP_ClipLog[0] == 'i') {
-    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes, id %u", client, dir,
+    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes", client, dir, len, origlen);
              len, origlen, id);
  } else {
    // URL-encode it
    char *enc = percentEncode(str, len);
-    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes, id %u: '%s'",
+    vlog.info("DLP: client %s: %s %u (%u requested) clipboard bytes: '%s'",
-              client, dir, len, origlen, id, enc);
+              client, dir, len, origlen, enc);
    free(enc);
  }
 }
@@ -440,8 +433,7 @@ void VNCSConnectionST::clearBinaryClipboardData()
 void VNCSConnectionST::sendBinaryClipboardDataOrClose(const char* mime,
                                                      const unsigned char *data,
-                                                      const unsigned len,
+                                                      const unsigned len)
                                                      const unsigned id)
 {
  try {
    if (!(accessRights & AccessCutText)) return;
@@ -452,11 +444,10 @@ void VNCSConnectionST::sendBinaryClipboardDataOrClose(const char* mime,
      return;
    }
-    cliplog((const char *) data, len, len, "sent", sock->getPeerAddress(),
+    cliplog((const char *) data, len, len, "sent", sock->getPeerAddress());
            id);
    if (state() != RFBSTATE_NORMAL) return;
-    addBinaryClipboard(mime, data, len, id);
+    addBinaryClipboard(mime, data, len);
    binclipTimer.start(100);
  } catch(rdr::Exception& e) {
    close(e.str());
@@ -712,58 +703,14 @@ void VNCSConnectionST::setPixelFormat(const PixelFormat& pf)
  setCursor();
 }
-void VNCSConnectionST::pointerEvent(const Point& pos, const Point& abspos, int buttonMask, const bool skipClick, const bool skipRelease, int scrollX, int scrollY)
+void VNCSConnectionST::pointerEvent(const Point& pos, int buttonMask, const bool skipClick, const bool skipRelease, int scrollX, int scrollY)
 {
  pointerEventTime = lastEventTime = time(0);
  server->lastUserInputTime = lastEventTime;
-  if (!(accessRights & AccessPtrEvents)) {
+  if (!(accessRights & AccessPtrEvents)) return;
    // This particular event is lost, but it's a corner case - you removed write access
    // from yourself, then added it back. The intended use is for multiple clients,
    // where the leader removes and adds back access for others, not himself.
    recheckPerms();
    return;
  }
  if (!rfb::Server::acceptPointerEvents) return;
  if (!server->pointerClient || server->pointerClient == this) {
-    Point newpos = pos;
+    pointerEventPos = pos;
    if (pos.x & 0x4000) {
      newpos.x &= ~0x4000;
      newpos.y &= ~0x4000;
      if (newpos.x & 0x8000) {
        newpos.x &= ~0x8000;
        newpos.x = -newpos.x;
      }
      if (newpos.y & 0x8000) {
        newpos.y &= ~0x8000;
        newpos.y = -newpos.y;
      }
      if (newpos.x < 0) {
        if (pointerEventPos.x + newpos.x >= 0)
          pointerEventPos.x += newpos.x;
        else
          pointerEventPos.x = 0;
      } else {
        pointerEventPos.x += newpos.x;
        if (pointerEventPos.x >= cp.width)
          pointerEventPos.x = cp.width;
      }
      if (newpos.y < 0) {
        if (pointerEventPos.y + newpos.y >= 0)
          pointerEventPos.y += newpos.y;
        else
          pointerEventPos.y = 0;
      } else {
        pointerEventPos.y += newpos.y;
        if (pointerEventPos.y >= cp.height)
          pointerEventPos.y = cp.height;
      }
    } else {
      pointerEventPos = pos;
    }
    if (buttonMask)
      server->pointerClient = this;
    else
@@ -784,7 +731,7 @@ void VNCSConnectionST::pointerEvent(const Point& pos, const Point& abspos, int b
      }
    }
-    server->desktop->pointerEvent(newpos, pointerEventPos, buttonMask, skipclick, skiprelease, scrollX, scrollY);
+    server->desktop->pointerEvent(pointerEventPos, buttonMask, skipclick, skiprelease, scrollX, scrollY);
  }
 }
@@ -1090,14 +1037,6 @@ void VNCSConnectionST::handleClipboardAnnounceBinary(const unsigned num, const c
  if (!(accessRights & AccessCutText)) return;
  if (!rfb::Server::acceptCutText) return;
  server->handleClipboardAnnounceBinary(this, num, mimes);
  const unsigned tolog = server->clipboardId++;
  if (Server::DLP_ClipLog[0] == 'o')
    return;
  vlog.info("DLP: client %s: %s %u clipboard mimes, id %u",
            sock->getPeerAddress(), "received",
            num, tolog);
 }
 // supportsLocalCursor() is called whenever the status of
@@ -1166,12 +1105,11 @@ bool VNCSConnectionST::isShiftPressed()
  return false;
 }
-bool VNCSConnectionST::getPerms(bool &read, bool &write, bool &owner) const
+bool VNCSConnectionST::getPerms(bool &write, bool &owner) const
 {
  bool found = false;
  if (disablebasicauth) {
    // We're running without basicauth
    read = true;
    write = true;
    return true;
  }
@@ -1180,14 +1118,8 @@ bool VNCSConnectionST::getPerms(bool &read, bool &write, bool &owner) const
    unsigned i;
    for (i = 0; i < set->num; i++) {
      if (!strcmp(set->entries[i].user, user)) {
        read = set->entries[i].read;
        write = set->entries[i].write;
        owner = set->entries[i].owner;
        // Writer can always read
        if (write)
          read = true;
        found = true;
        break;
      }
@@ -1285,29 +1217,18 @@ void VNCSConnectionST::writeFramebufferUpdate()
  if (needsPermCheck) {
    needsPermCheck = false;
-    bool read, write, owner, ret;
+    bool write, owner, ret;
-    ret = getPerms(read, write, owner);
+    ret = getPerms(write, owner);
    if (!ret) {
      close("User was deleted");
      return;
-    }
+    } else if (!write) {
    if (!write) {
      accessRights &= ~WRITER_PERMS;
    } else {
      accessRights |= WRITER_PERMS;
    }
    if (!read) {
      accessRights &= ~AccessView;
    } else {
      accessRights |= AccessView;
    }
  }
  if (!(accessRights & AccessView))
    return;
  // Updates often consists of many small writes, and in continuous
  // mode, we will also have small fence messages around the update. We
  // need to aggregate these in order to not clog up TCP's congestion
@@ -1738,8 +1659,8 @@ bool VNCSConnectionST::checkOwnerConn() const
  std::list<VNCSConnectionST*>::const_iterator it;
  for (it = server->clients.begin(); it != server->clients.end(); it++) {
-    bool read, write, owner;
+    bool write, owner;
-    if ((*it)->getPerms(read, write, owner) && owner)
+    if ((*it)->getPerms(write, owner) && owner)
      return true;
  }
--- a/common/rfb/VNCSConnectionST.h
+++ b/common/rfb/VNCSConnectionST.h
@@ -80,7 +80,7 @@ namespace rfb {
    void announceClipboardOrClose(bool available);
    void clearBinaryClipboardData();
    void sendBinaryClipboardDataOrClose(const char* mime, const unsigned char *data,
-                                        const unsigned len, const unsigned id);
+                                        const unsigned len);
    void getBinaryClipboardData(const char* mime, const unsigned char **data,
                                unsigned *len);
@@ -171,8 +171,8 @@ namespace rfb {
    virtual void handleFrameStats(rdr::U32 all, rdr::U32 render);
    bool is_owner() const {
-      bool read, write, owner;
+      bool write, owner;
-      if (getPerms(read, write, owner) && owner)
+      if (getPerms(write, owner) && owner)
        return true;
      return false;
    }
@@ -207,7 +207,7 @@ namespace rfb {
    virtual void queryConnection(const char* userName);
    virtual void clientInit(bool shared);
    virtual void setPixelFormat(const PixelFormat& pf);
-    virtual void pointerEvent(const Point& pos, const Point& abspos,int buttonMask, const bool skipClick, const bool skipRelease, int scrollX, int scrollY);
+    virtual void pointerEvent(const Point& pos, int buttonMask, const bool skipClick, const bool skipRelease, int scrollX, int scrollY);
    virtual void keyEvent(rdr::U32 keysym, rdr::U32 keycode, bool down);
    virtual void framebufferUpdateRequest(const Rect& r, bool incremental);
    virtual void setDesktopSize(int fb_width, int fb_height,
@@ -227,6 +227,19 @@ namespace rfb {
               (AccessPtrEvents | AccessKeyEvents);
    }
    // setAccessRights() allows a security package to limit the access rights
    // of a VNCSConnectioST to the server.  These access rights are applied
    // such that the actual rights granted are the minimum of the server's
    // default access settings and the connection's access settings.
    virtual void setAccessRights(AccessRights ar) {
        accessRights = ar;
        bool write, owner;
        if (!getPerms(write, owner) || !write)
            accessRights &= ~WRITER_PERMS;
        needsPermCheck = false;
    }
    // Timer callbacks
    virtual bool handleTimeout(Timer* t);
@@ -234,7 +247,7 @@ namespace rfb {
    bool isShiftPressed();
-    bool getPerms(bool &read, bool &write, bool &owner) const;
+    bool getPerms(bool &write, bool &owner) const;
    bool checkOwnerConn() const;
--- a/common/rfb/VNCServerST.cxx
+++ b/common/rfb/VNCServerST.cxx
@@ -131,8 +131,7 @@ VNCServerST::VNCServerST(const char* name_, SDesktop* desktop_)
    renderedCursorInvalid(false),
    queryConnectionHandler(0), keyRemapper(&KeyRemapper::defInstance),
    lastConnectionTime(0), disableclients(false),
-    frameTimer(this), apimessager(NULL), trackingFrameStats(0),
+    frameTimer(this), apimessager(NULL), trackingFrameStats(0)
    clipboardId(0)
 {
  lastUserInputTime = lastDisconnectTime = time(0);
  slog.debug("creating single-threaded server %s", name.buf);
@@ -540,10 +539,8 @@ void VNCServerST::sendBinaryClipboardData(const char* mime, const unsigned char
  std::list<VNCSConnectionST*>::iterator ci, ci_next;
  for (ci = clients.begin(); ci != clients.end(); ci = ci_next) {
    ci_next = ci; ci_next++;
-    (*ci)->sendBinaryClipboardDataOrClose(mime, data, len, clipboardId);
+    (*ci)->sendBinaryClipboardDataOrClose(mime, data, len);
  }
  clipboardId++;
 }
 void VNCServerST::getBinaryClipboardData(const char* mime, const unsigned char **data,
@@ -808,11 +805,49 @@ static void checkAPIMessages(network::GetAPIMessager *apimessager,
    slog.info("Main thread processing user API request %u/%u", i + 1, num);
    const network::GetAPIMessager::action_data &act = apimessager->actionQueue[i];
    struct kasmpasswd_t *set = NULL;
    unsigned s;
    bool found;
    switch (act.action) {
-      case network::GetAPIMessager::NONE:
+      case network::GetAPIMessager::USER_REMOVE:
-        slog.info("Empty request (bug!)");
+        set = readkasmpasswd(kasmpasswdpath);
        found = false;
        for (s = 0; s < set->num; s++) {
          if (!strcmp(set->entries[s].user, act.data.user)) {
            set->entries[s].user[0] = '\0';
            found = true;
            break;
          }
        }
        if (found) {
          writekasmpasswd(kasmpasswdpath, set);
          slog.info("User %s removed", act.data.user);
        } else {
          slog.error("Tried to remove nonexistent user %s", act.data.user);
        }
      break;
      case network::GetAPIMessager::USER_GIVE_CONTROL:
        set = readkasmpasswd(kasmpasswdpath);
        found = false;
        for (s = 0; s < set->num; s++) {
          if (!strcmp(set->entries[s].user, act.data.user)) {
            set->entries[s].write = 1;
            found = true;
          } else {
            set->entries[s].write = 0;
          }
        }
        if (found) {
          writekasmpasswd(kasmpasswdpath, set);
          slog.info("User %s given control", act.data.user);
        } else {
          slog.error("Tried to give control to nonexistent user %s", act.data.user);
        }
      break;
      case network::GetAPIMessager::WANT_FRAME_STATS_SERVERONLY:
        trackingFrameStats = act.action;
      break;
@@ -827,6 +862,11 @@ static void checkAPIMessages(network::GetAPIMessager *apimessager,
        memcpy(trackingClient, act.data.password, 128);
      break;
    }
    if (set) {
      free(set->entries);
      free(set);
    }
  }
  apimessager->actionQueue.clear();
--- a/common/rfb/VNCServerST.h
+++ b/common/rfb/VNCServerST.h
@@ -281,8 +281,6 @@ namespace rfb {
    } DLPRegion;
    void translateDLPRegion(rdr::U16 &x1, rdr::U16 &y1, rdr::U16 &x2, rdr::U16 &y2) const;
    rdr::U32 clipboardId;
  };
 };
--- a/debian/Makefile.to_fakebuild_tar_package
+++ b/debian/Makefile.to_fakebuild_tar_package
@@ -11,19 +11,18 @@ install: unpack_tarball
 	echo "TAR_DATA: $(TAR_DATA)"
 	echo "installing files"
 	mkdir -p $(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1 \
-	  $(DESTDIR)/usr/share/doc/kasmvncserver
+	  $(DESTDIR)/usr/share/doc/kasmvncserver $(DESTDIR)/usr/lib
 	cp $(SRC_BIN)/Xvnc $(DESTDIR)/usr/bin/Xkasmvnc
 	cp $(SRC_BIN)/vncserver $(DESTDIR)/usr/bin/kasmvncserver
 	cp $(SRC_BIN)/vncconfig $(DESTDIR)/usr/bin/kasmvncconfig
 	cp $(SRC_BIN)/kasmvncpasswd $(DESTDIR)/usr/bin/
-	cp $(SRC_BIN)/kasmxproxy $(DESTDIR)/usr/bin/
+	cp -r $(SRC)/lib/kasmvnc/ $(DESTDIR)/usr/lib/kasmvncserver
 	cp -r $(SRC)/share/doc/kasmvnc*/* $(DESTDIR)/usr/share/doc/kasmvncserver/
 	rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
 	  --exclude www/utils/ --exclude .eslintrc \
 	  $(SRC)/share/kasmvnc $(DESTDIR)/usr/share
 	cp $(SRC)/man/man1/Xvnc.1 $(DESTDIR)/usr/share/man/man1/Xkasmvnc.1
 	cp $(SRC)/share/man/man1/vncserver.1 $(DST_MAN)/kasmvncserver.1
 	cp $(SRC)/share/man/man1/kasmxproxy.1 $(DST_MAN)/kasmxproxy.1
 	cp $(SRC)/share/man/man1/vncpasswd.1 $(DST_MAN)/kasmvncpasswd.1
 	cp $(SRC)/share/man/man1/vncconfig.1 $(DST_MAN)/kasmvncconfig.1
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ kasmvnc (0.9.3~beta-1) unstable; urgency=medium
  * New upstream release.
- -- Kasm Technologies LLC <info@kasmweb.com>  Tue, 22 Mar 2022 09:15:38 +0000
+ -- Dmitry Maksyoma <ledestin@gmail.com>  Fri, 29 Oct 2021 19:16:33 +1300
 kasmvnc (0.9.1~beta-1) unstable; urgency=medium
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: x11
 Priority: optional
 Maintainer: Kasm Technologies LLC <info@kasmweb.com>
 Build-Depends: debhelper (>= 11), rsync, libjpeg-dev, libjpeg-dev, libpng-dev,
-  libtiff-dev, libgif-dev, libavcodec-dev, libssl-dev, libgl1, libxfont2, libsm6, libxext-dev, libxrandr-dev, libxtst-dev, libxcursor-dev, libunwind8
+  libtiff-dev, libgif-dev, libavcodec-dev, libssl-dev, libgl1, libxfont2, libsm6, libunwind8
 Standards-Version: 4.1.3
 Homepage: https://github.com/kasmtech/KasmVNC
 #Vcs-Browser: https://salsa.debian.org/debian/kasmvnc
@@ -12,7 +12,8 @@ Homepage: https://github.com/kasmtech/KasmVNC
 Package: kasmvncserver
 Architecture: amd64 arm64
 Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, ssl-cert, xauth,
-  x11-xkb-utils, xkb-data, procps
+  x11-xkb-utils, xkb-data, procps, libswitch-perl, libyaml-tiny-perl,
  libhash-merge-simple-perl, libscalar-list-utils-perl
 Provides: vnc-server
 Description: VNC server accessible from a web browser
 VNC stands for Virtual Network Computing. It is, in essence, a remote
--- a/debian/postinst
+++ b/debian/postinst
@@ -21,7 +21,7 @@ case "$1" in
    configure)
      bindir=/usr/bin
      mandir=/usr/share/man
-      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc kasmxproxy"
+      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc"
      for kasm_command in $commands; do
        generic_command=`echo "$kasm_command" | sed -e 's/kasm//'`;
--- a/debian/prerm
+++ b/debian/prerm
@@ -21,7 +21,7 @@ case "$1" in
    remove)
      bindir=/usr/bin
      mandir=/usr/share/man
-      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc kasmxproxy"
+      commands="kasmvncserver kasmvncpasswd kasmvncconfig Xkasmvnc"
      for kasm_command in $commands; do
        generic_command=`echo "$kasm_command" | sed -e 's/kasm//'`;
--- a/doc/rfbproto.rst
+++ b/doc/rfbproto.rst
--- a/2
+++ b/2
--- a/opensuse/kasmvncserver.spec
+++ b/opensuse/kasmvncserver.spec
@@ -1,108 +0,0 @@
 Name:           kasmvncserver
 Version:        0.9.3~beta
 Release:        leap15
 Summary:        VNC server accessible from a web browser
 License: GPLv2+
 URL: https://github.com/kasmtech/KasmVNC
 BuildRequires: rsync
 Requires: xauth, libxkbcommon-x11-0, xkeyboard-config, x11-tools, openssl, perl, libpixman-1-0, libnettle6, libjpeg8, libgomp1, libgnutls30, libXfont2-2, libXdmcp6, libglvnd, xkbcomp
 Conflicts: tigervnc, tigervnc-x11vnc
 %description
 VNC stands for Virtual Network Computing. It is, in essence, a remote
 display system which allows you to view a computing `desktop' environment
 not only on the machine where it is running, but from anywhere on the
 Internet and from a wide variety of machine architectures.
 KasmVNC has different goals than TigerVNC:
 Web-based - KasmVNC is designed to provide a web accessible remote desktop.
 It comes with a web server and web-socket server built in. There is no need to
 install other components. Simply run and navigate to your desktop's URL on the
 port you specify. While you can still tun on the legacy VNC port, it is
 disabled by default.
 Security - KasmVNC defaults to HTTPS and allows for HTTP Basic Auth. VNC
 Password authentication is limited by specification to 8 characters and is not
 sufficient for use on an internet accessible remote desktop. Our goal is to
 create a by default secure, web based experience.
 Simplicity - KasmVNC aims at being simple to deploy and configure.
 %prep
 %install
 rm -rf $RPM_BUILD_ROOT
 TARGET_OS=$KASMVNC_BUILD_OS
 TARGET_OS_CODENAME=$KASMVNC_BUILD_OS_CODENAME
 TARBALL=$RPM_SOURCE_DIR/kasmvnc.${TARGET_OS}_${TARGET_OS_CODENAME}.tar.gz
 TAR_DATA=$(mktemp -d)
 tar -xzf "$TARBALL" -C "$TAR_DATA"
 SRC=$TAR_DATA/usr/local
 SRC_BIN=$SRC/bin
 DESTDIR=$RPM_BUILD_ROOT
 DST_MAN=$DESTDIR/usr/share/man/man1
 mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
  $DESTDIR/usr/share/doc/kasmvncserver
 cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
 cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
 cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
 cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
 cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
 cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
 cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
 rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
  --exclude www/utils/ --exclude .eslintrc \
  $SRC/share/kasmvnc $DESTDIR/usr/share
 cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
 cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
 cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
 cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
 cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
 cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %files
 /usr/bin/*
 /usr/share/man/man1/*
 /usr/share/kasmvnc/www
 %license /usr/share/doc/kasmvncserver/LICENSE.TXT
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Tue Mar 22 2022 KasmTech <info@kasmweb.com> - 0.9.3~beta-1
 * Fri Feb 12 2021 KasmTech <info@kasmweb.com> - 0.9.1~beta-1
 - Initial release of the rpm package.
 %post
  kasmvnc_group="kasmvnc-cert"
  create_kasmvnc_group() {
    if ! getent group "$kasmvnc_group" >/dev/null; then
 	    groupadd --system "$kasmvnc_group"
    fi
  }
  make_self_signed_certificate() {
    local cert_file=/etc/pki/tls/private/kasmvnc.pem
    [ -f "$cert_file" ] && return 0
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout "$cert_file" \
      -out "$cert_file" -subj \
      "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
    chgrp "$kasmvnc_group" "$cert_file"
    chmod 640 "$cert_file"
  }
  create_kasmvnc_group
  make_self_signed_certificate
 %postun
  rm -f /etc/pki/tls/private/kasmvnc.pem
--- a/oracle/kasmvncserver.spec
+++ b/oracle/kasmvncserver.spec
@@ -1,108 +0,0 @@
 Name:           kasmvncserver
 Version:        0.9.3~beta
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 License: GPLv2+
 URL: https://github.com/kasmtech/KasmVNC
 BuildRequires: rsync
 Requires: xorg-x11-xauth, xorg-x11-xkb-utils, xkeyboard-config, xorg-x11-server-utils, openssl, perl
 Conflicts: tigervnc-server, tigervnc-server-minimal
 %description
 VNC stands for Virtual Network Computing. It is, in essence, a remote
 display system which allows you to view a computing `desktop' environment
 not only on the machine where it is running, but from anywhere on the
 Internet and from a wide variety of machine architectures.
 KasmVNC has different goals than TigerVNC:
 Web-based - KasmVNC is designed to provide a web accessible remote desktop.
 It comes with a web server and web-socket server built in. There is no need to
 install other components. Simply run and navigate to your desktop's URL on the
 port you specify. While you can still tun on the legacy VNC port, it is
 disabled by default.
 Security - KasmVNC defaults to HTTPS and allows for HTTP Basic Auth. VNC
 Password authentication is limited by specification to 8 characters and is not
 sufficient for use on an internet accessible remote desktop. Our goal is to
 create a by default secure, web based experience.
 Simplicity - KasmVNC aims at being simple to deploy and configure.
 %prep
 %install
 rm -rf $RPM_BUILD_ROOT
 TARGET_OS=$KASMVNC_BUILD_OS
 TARGET_OS_CODENAME=$KASMVNC_BUILD_OS_CODENAME
 TARBALL=$RPM_SOURCE_DIR/kasmvnc.${TARGET_OS}_${TARGET_OS_CODENAME}.tar.gz
 TAR_DATA=$(mktemp -d)
 tar -xzf "$TARBALL" -C "$TAR_DATA"
 SRC=$TAR_DATA/usr/local
 SRC_BIN=$SRC/bin
 DESTDIR=$RPM_BUILD_ROOT
 DST_MAN=$DESTDIR/usr/share/man/man1
 mkdir -p $DESTDIR/usr/bin $DESTDIR/usr/share/man/man1 \
  $DESTDIR/usr/share/doc/kasmvncserver
 cp $SRC_BIN/Xvnc $DESTDIR/usr/bin;
 cp $SRC_BIN/vncserver $DESTDIR/usr/bin;
 cp $SRC_BIN/vncconfig $DESTDIR/usr/bin;
 cp $SRC_BIN/kasmvncpasswd $DESTDIR/usr/bin;
 cp $SRC_BIN/kasmxproxy $DESTDIR/usr/bin;
 cd $DESTDIR/usr/bin && ln -s kasmvncpasswd vncpasswd;
 cp -r $SRC/share/doc/kasmvnc*/* $DESTDIR/usr/share/doc/kasmvncserver/
 rsync -r --exclude '.git*' --exclude po2js --exclude xgettext-html \
  --exclude www/utils/ --exclude .eslintrc \
  $SRC/share/kasmvnc $DESTDIR/usr/share
 cp $SRC/man/man1/Xvnc.1 $DESTDIR/usr/share/man/man1/;
 cp $SRC/share/man/man1/vncserver.1 $DST_MAN;
 cp $SRC/share/man/man1/vncconfig.1 $DST_MAN;
 cp $SRC/share/man/man1/vncpasswd.1 $DST_MAN;
 cp $SRC/share/man/man1/kasmxproxy.1 $DST_MAN;
 cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %files
 /usr/bin/*
 /usr/share/man/man1/*
 /usr/share/kasmvnc/www
 %license /usr/share/doc/kasmvncserver/LICENSE.TXT
 %doc /usr/share/doc/kasmvncserver/README.md
 %changelog
 * Tue Mar 22 2022 KasmTech <info@kasmweb.com> - 0.9.3~beta-1
 * Fri Feb 12 2021 KasmTech <info@kasmweb.com> - 0.9.1~beta-1
 - Initial release of the rpm package.
 %post
  kasmvnc_group="kasmvnc-cert"
  create_kasmvnc_group() {
    if ! getent group "$kasmvnc_group" >/dev/null; then
 	    groupadd --system "$kasmvnc_group"
    fi
  }
  make_self_signed_certificate() {
    local cert_file=/etc/pki/tls/private/kasmvnc.pem
    [ -f "$cert_file" ] && return 0
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout "$cert_file" \
      -out "$cert_file" -subj \
      "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
    chgrp "$kasmvnc_group" "$cert_file"
    chmod 640 "$cert_file"
  }
  create_kasmvnc_group
  make_self_signed_certificate
 %postun
  rm -f /etc/pki/tls/private/kasmvnc.pem
--- a/release/maketarball.in
+++ b/release/maketarball.in
@@ -45,12 +45,13 @@ mkdir -p $OUTDIR/man/man1
 make DESTDIR=$TMPDIR/inst install
 if [ $SERVER = 1 ]; then
 	install -m 755 ./unix/kasmxproxy/kasmxproxy $OUTDIR/bin/
 	install -m 755 ./xorg.build/bin/Xvnc $OUTDIR/bin/
 	install -m 644 ./xorg.build/man/man1/Xvnc.1 $OUTDIR/man/man1/Xvnc.1
 	install -m 644 ./xorg.build/man/man1/Xserver.1 $OUTDIR/man/man1/Xserver.1
 	mkdir -p $OUTDIR/lib/dri/
 	install -m 755 ./xorg.build/lib/dri/swrast_dri.so $OUTDIR/lib/dri/
 	mkdir -p $OUTDIR/lib/kasmvnc
 	install -m 755 $SRCDIR/builder/startup/deb/select-de.sh $OUTDIR/lib/kasmvnc
 	mkdir -p $OUTDIR/share/kasmvnc
 	cp -r $SRCDIR/builder/www $OUTDIR/share/kasmvnc/www
 fi
--- a/12
+++ b/12
@@ -0,0 +1,12 @@
 #!/bin/bash
 set -e
 export PYTHONPATH=${PWD}/spec
 RUN_CMD="pipenv run mamba"
 if [[ -n "$1" ]]; then
  $RUN_CMD "$1"
 else
  $RUN_CMD spec/*_spec.py
 fi
--- a/spec/helper/init.py
+++ b/spec/helper/init.py
--- a/spec/helper/spec_helper.py
+++ b/spec/helper/spec_helper.py
@@ -0,0 +1,70 @@
 import os
 import shutil
 import subprocess
 import pexpect
 from path import Path
 from expects import expect, equal
 vncserver_cmd = 'vncserver :1 -cert /etc/ssl/certs/ssl-cert-snakeoil.pem -key /etc/ssl/private/ssl-cert-snakeoil.key -sslOnly -FrameRate=24 -interface 0.0.0.0 -httpd /usr/share/kasmvnc/www -depth 24 -geometry 1280x1050 -log *:stderr:100'
 running_xvnc = False
 def clean_env():
    clean_kasm_users()
    home_dir = os.environ['HOME']
    vnc_dir = os.path.join(home_dir, ".vnc")
    Path(vnc_dir).rmtree(ignore_errors=True)
 def clean_kasm_users():
    home_dir = os.environ['HOME']
    password_file = os.path.join(home_dir, ".kasmpasswd")
    Path(password_file).remove_p()
 def start_xvnc_pexpect(extra_args="", **kwargs):
    global running_xvnc
    # ":;" is a hack. Without it, Xvnc doesn't run. No idea what happens, but
    # when I run top, Xvnc just isn't there. I suspect a race.
    child = pexpect.spawn('/bin/bash',
                          ['-ic', f':;{vncserver_cmd} {extra_args}'],
                          timeout=5, encoding='utf-8', **kwargs)
    running_xvnc = True
    return child
 def start_xvnc(extra_args="", **kwargs):
    global running_xvnc
    completed_process = run_cmd(f'{vncserver_cmd} {extra_args}', **kwargs)
    if completed_process.returncode == 0:
        running_xvnc = True
    return completed_process
 def run_cmd(cmd, **kwargs):
    completed_process = subprocess.run(cmd, shell=True, text=True,
                                       capture_output=True,
                                       executable='/bin/bash', **kwargs)
    if completed_process.returncode != 0:
        print(completed_process.stdout)
        print(completed_process.stderr)
    return completed_process
 def add_kasmvnc_user_docker():
    completed_process = run_cmd('echo -e "password\\npassword\\n" | vncpasswd -u docker')
    expect(completed_process.returncode).to(equal(0))
 def kill_xvnc():
    global running_xvnc
    if not running_xvnc:
        return
    run_cmd('vncserver -kill :1')
    running_xvnc = False
--- a/spec/vncserver_spec.py
+++ b/spec/vncserver_spec.py
@@ -0,0 +1,125 @@
 import os
 import sys
 import pexpect
 from mamba import description, context, it, fit, before, after
 from expects import expect, equal
 from helper.spec_helper import start_xvnc, kill_xvnc, run_cmd, clean_env, \
    add_kasmvnc_user_docker, clean_kasm_users, start_xvnc_pexpect
 # WIP. Plan to move to start_xvnc_pexpect(), because pexpect provides a way to
 # wait for vncserver output. start_xvnc() just blindly prints input to vncserver
 # without knowing what it prints back.
 def select_de(de_name):
    try:
        extra_args = f'-select-de {de_name}'
        completed_process = start_xvnc(extra_args)
        expect(completed_process.returncode).to(equal(0))
    finally:
        kill_xvnc()
 def check_de_was_setup_to_run(de_name):
    completed_process = run_cmd(f'grep -q {de_name} ~/.vnc/xstartup')
    expect(completed_process.returncode).to(equal(0))
 with description('vncserver') as self:
    with before.each:
        clean_env()
    with after.each:
        kill_xvnc()
    with context('on the first run'):
        with before.each:
            add_kasmvnc_user_docker()
        with it('asks user to select a DE'):
            choose_cinnamon = "1\n"
            completed_process = start_xvnc(input=choose_cinnamon)
            expect(completed_process.returncode).to(equal(0))
            check_de_was_setup_to_run('cinnamon')
        with it('asks to select a DE, when ran with -select-de'):
            choose_cinnamon = "1\n"
            completed_process = start_xvnc('-select-de', input=choose_cinnamon)
            expect(completed_process.returncode).to(equal(0))
            check_de_was_setup_to_run('cinnamon')
        with it('selects passed DE with -s'):
            select_de('mate')
            check_de_was_setup_to_run('mate')
    with context('after DE was selected'):
        with before.each:
            add_kasmvnc_user_docker()
        with it("don't ask to choose DE by default"):
            select_de('mate')
            completed_process = start_xvnc()
            expect(completed_process.returncode).to(equal(0))
            check_de_was_setup_to_run('mate')
        with it('asks to select a DE, when ran with -select-de'):
            select_de('mate')
            choose_cinnamon_and_answer_yes = "1\ny\n"
            completed_process = start_xvnc('-select-de',
                                           input=choose_cinnamon_and_answer_yes)
            expect(completed_process.returncode).to(equal(0))
            check_de_was_setup_to_run('cinnamon')
        with it('selects passed DE with -s'):
            select_de('mate')
            completed_process = start_xvnc('-select-de cinnamon')
            expect(completed_process.returncode).to(equal(0))
            check_de_was_setup_to_run('cinnamon')
    with context('guided user creation'):
        with fit('asks to create a user if none exist'):
            clean_kasm_users()
            child = start_xvnc_pexpect('-select-de cinnamon')
            child.expect('Enter username')
            child.sendline()
            child.expect('Password:')
            child.sendline('password')
            child.expect('Verify:')
            child.sendline('password')
            child.expect(pexpect.EOF)
            child.close()
            expect(child.exitstatus).to(equal(0))
            home_dir = os.environ['HOME']
            user = os.environ['USER']
            completed_process = run_cmd(f'grep -qw {user} {home_dir}/.kasmpasswd')
            expect(completed_process.returncode).to(equal(0))
        with fit('specify custom username'):
            custom_username = 'custom_username'
            child = start_xvnc_pexpect('-select-de cinnamon')
            child.logfile_read = sys.stderr
            child.expect('Enter username')
            child.sendline(custom_username)
            child.expect('Password:')
            child.sendline('password')
            child.expect('Verify:')
            child.sendline('password')
            child.expect(pexpect.EOF)
            child.wait()
            # expect(child.exitstatus).to(equal(0))
            home_dir = os.environ['HOME']
            completed_process = run_cmd(f'grep -qw {custom_username} {home_dir}/.kasmpasswd')
            expect(completed_process.returncode).to(equal(0))
            # os.system(f'pgrep Xvnc >/dev/null || cat {home_dir}/.vnc/*.log')
--- a/unix/CMakeLists.txt
+++ b/unix/CMakeLists.txt
@@ -3,7 +3,6 @@ add_subdirectory(common)
 add_subdirectory(vncconfig)
 add_subdirectory(vncpasswd)
 add_subdirectory(kasmvncpasswd)
 add_subdirectory(kasmxproxy)
 install(PROGRAMS vncserver DESTINATION ${BIN_DIR})
 install(FILES vncserver.man DESTINATION ${MAN_DIR}/man1 RENAME vncserver.1)
--- a/unix/kasm-upload-crash-dump.sh
+++ b/unix/kasm-upload-crash-dump.sh
@@ -1,39 +0,0 @@
 #!/bin/sh
 URL=https://to-be-filled.com/path
 die() {
 	echo "$@"
 	exit
 }
 [ "$#" -ne 1 ] && die "Usage: $0 logfile"
 grep -q Backtrace: $1 || die "No crash in log file"
 CURL=`which curl`
 WGET=`which wget`
 [ -n "$CURL" -o -n "$WGET" ] || die "Curl or wget required"
 BIN=`grep vnc $1 | tail -n1 | cut -d: -f2 | cut -d\( -f1`
 [ -f $BIN ] || die "Can't locate binary"
 #
 # prep done, filter the log file
 #
 TMP=`mktemp`
 LANG=C date >> $TMP
 md5sum $BIN >> $TMP
 $BIN -version 2>&1 | grep built >> $TMP
 grep -A200 Backtrace: $1 >> $TMP
 if [ -n "$CURL" ]; then
 	echo curl --data-binary @"$TMP" "$URL"
 else
 	echo wget --post-file "$TMP" "$URL"
 fi
 rm $TMP
--- a/unix/kasmvncpasswd/kasmpasswd.c
+++ b/unix/kasmvncpasswd/kasmpasswd.c
@@ -60,8 +60,6 @@ struct kasmpasswd_t *readkasmpasswd(const char path[]) {
 		strcpy(set->entries[cur].user, buf);
 		strcpy(set->entries[cur].password, pw);
 		if (strchr(perms, 'r'))
 			set->entries[cur].read = 1;
 		if (strchr(perms, 'w'))
 			set->entries[cur].write = 1;
 		if (strchr(perms, 'o'))
@@ -92,17 +90,22 @@ void writekasmpasswd(const char path[], const struct kasmpasswd_t *set) {
 		return;
 	}
 	static const char * const perms[] = {
 		"",
 		"w",
 		"o",
 		"ow"
 	};
 	unsigned i;
 	for (i = 0; i < set->num; i++) {
 		if (!set->entries[i].user[0])
 			continue;
-		fprintf(f, "%s:%s:%s%s%s\n",
+		fprintf(f, "%s:%s:%s\n",
 			set->entries[i].user,
 			set->entries[i].password,
-			set->entries[i].read ? "r" : "",
+			perms[set->entries[i].owner * 2 + set->entries[i].write]);
 			set->entries[i].write ? "w" : "",
 			set->entries[i].owner ? "o" : "");
 	}
 	fsync(fileno(f));
--- a/unix/kasmvncpasswd/kasmpasswd.h
+++ b/unix/kasmvncpasswd/kasmpasswd.h
@@ -8,14 +8,10 @@ extern "C" {
 struct kasmpasswd_entry_t {
 	char user[32];
 	char password[128];
 	unsigned char read : 1;
 	unsigned char write : 1;
 	unsigned char owner : 1;
 };
 #define USERNAME_LEN sizeof(((struct kasmpasswd_entry_t *)0)->user)
 #define PASSWORD_LEN sizeof(((struct kasmpasswd_entry_t *)0)->password)
 struct kasmpasswd_t {
 	struct kasmpasswd_entry_t *entries;
 	unsigned num;
--- a/unix/kasmvncpasswd/kasmvncpasswd.c
+++ b/unix/kasmvncpasswd/kasmvncpasswd.c
@@ -34,7 +34,6 @@
 static void usage(const char *prog)
 {
  fprintf(stderr, "Usage: %s -u username [-wnod] [file]\n"
                  "-r	Read permission\n"
                  "-w	Write permission\n"
                  "-o	Owner\n"
                  "-n	Don't change password, change permissions only\n"
@@ -119,10 +118,10 @@ int main(int argc, char** argv)
 {
  const char *fname = NULL;
  const char *user = NULL;
-  const char args[] = "u:rwnod";
+  const char args[] = "u:wnod";
  int opt;
-  unsigned char nopass = 0, reader = 0, writer = 0, owner = 0, deleting = 0;
+  unsigned char nopass = 0, writer = 0, owner = 0, deleting = 0;
  while ((opt = getopt(argc, argv, args)) != -1) {
    switch (opt) {
@@ -136,9 +135,6 @@ int main(int argc, char** argv)
      case 'n':
        nopass = 1;
      break;
      case 'r':
        reader = 1;
      break;
      case 'w':
        writer = 1;
      break;
@@ -154,7 +150,7 @@ int main(int argc, char** argv)
    }
  }
-  if (deleting && (nopass || reader || writer || owner))
+  if (deleting && (nopass || writer || owner))
    usage(argv[0]);
  if (!user)
@@ -179,7 +175,6 @@ int main(int argc, char** argv)
  if (nopass) {
    for (i = 0; i < set->num; i++) {
      if (!strcmp(set->entries[i].user, user)) {
        set->entries[i].read = reader;
        set->entries[i].write = writer;
        set->entries[i].owner = owner;
@@ -216,7 +211,6 @@ int main(int argc, char** argv)
    strcpy(set->entries[i].user, user);
    strcpy(set->entries[i].password, encrypted);
    set->entries[i].read = reader;
    set->entries[i].write = writer;
    set->entries[i].owner = owner;
--- a/unix/kasmxproxy/.gitignore
+++ b/unix/kasmxproxy/.gitignore
@@ -1 +0,0 @@
 kasmxproxy
--- a/unix/kasmxproxy/CMakeLists.txt
+++ b/unix/kasmxproxy/CMakeLists.txt
@@ -1,11 +0,0 @@
 include_directories(${X11_INCLUDE_DIR})
 add_executable(kasmxproxy
  xxhash.c
  kasmxproxy.c)
 target_link_libraries(kasmxproxy ${X11_LIBRARIES} ${X11_XTest_LIB} ${X11_Xrandr_LIB}
                                 ${X11_Xcursor_LIB} ${X11_Xfixes_LIB})
 install(TARGETS kasmxproxy DESTINATION ${BIN_DIR})
 install(FILES kasmxproxy.man DESTINATION ${MAN_DIR}/man1 RENAME kasmxproxy.1)
--- a/unix/kasmxproxy/kasmxproxy.c
+++ b/unix/kasmxproxy/kasmxproxy.c
@@ -1,530 +0,0 @@
 /* Copyright (C) 2021 Kasm.  All Rights Reserved.
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */
 #include <getopt.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/ipc.h>
 #include <sys/shm.h>
 #include <unistd.h>
 #include <X11/Xatom.h>
 #include <X11/Xlib.h>
 #include <X11/Xutil.h>
 #include <X11/Xcursor/Xcursor.h>
 #include <X11/extensions/Xfixes.h>
 #include <X11/extensions/Xrandr.h>
 #include <X11/extensions/XShm.h>
 #include <X11/extensions/XTest.h>
 #include "xxhash.h"
 #define min(a, b) ((a) < (b) ? (a) : (b))
 static void help(const char name[]) {
 	printf("Usage: %s [opts]\n\n"
 		"-a --app-display disp	App display, default :0\n"
 		"-v --vnc-display disp	VNC display, default :1\n"
 		"\n"
 		"-f --fps fps		FPS, default 30\n"
 		"-r --resize		Enable resize, default disabled.\n"
 		"			Do not enable this if there's a physical screen\n"
 		"			connected to the app display.\n",
 		name);
 	exit(1);
 }
 #define CUT_MAX (16 * 1024)
 static uint8_t cutbuf[CUT_MAX];
 static void supplyselection(Display *disp, const XEvent * const ev, const Atom xa_targets) {
 	XSelectionEvent sev;
 	sev.type = SelectionNotify;
 	sev.display = disp;
 	sev.requestor = ev->xselectionrequest.requestor;
 	sev.selection = ev->xselectionrequest.selection;
 	sev.target = ev->xselectionrequest.target;
 	sev.time = ev->xselectionrequest.time;
 	/*printf("someone wants our clipboard, sel %lu, tgt %lu, prop %lu\n",
 		sev.selection, sev.target,
 		ev.xselectionrequest.property);*/
 	if (ev->xselectionrequest.property == None)
 		sev.property = sev.target;
 	else
 		sev.property = ev->xselectionrequest.property;
 	const uint32_t len = strlen((char *) cutbuf);
 	if (xa_targets != None &&
 			sev.target == xa_targets) {
 		// Which formats can we do
 		Atom tgt[2] = {
 			xa_targets,
 			XA_STRING
 		};
 		XChangeProperty(disp, sev.requestor,
 				ev->xselectionrequest.property,
 				XA_ATOM, 32,
 				PropModeReplace,
 				(unsigned char *) tgt,
 				2);
 		//puts("sent targets");
 	} else {
 		// Data
 		XChangeProperty(disp, sev.requestor,
 				ev->xselectionrequest.property,
 				sev.target, 8,
 				PropModeReplace,
 				cutbuf, len);
 		//printf("sent data, of len %u\n", len);
 	}
 	// Send the notify event
 	XSendEvent(disp, sev.requestor, False, 0,
 			(XEvent *) &sev);
 }
 int main(int argc, char **argv) {
 	const char *appstr = ":0";
 	const char *vncstr = ":1";
 	uint8_t resize = 0;
 	uint8_t fps = 30;
 	const struct option longargs[] = {
 		{"app-display", 1, NULL, 'a'},
 		{"vnc-display", 1, NULL, 'v'},
 		{"resize", 0, NULL, 'r'},
 		{"fps", 1, NULL, 'f'},
 		{NULL, 0, NULL, 0},
 	};
 	while (1) {
 		int c = getopt_long(argc, argv, "a:v:rf:", longargs, NULL);
 		if (c == -1)
 			break;
 		switch (c) {
 			case 'a':
 				appstr = strdup(optarg);
 			break;
 			case 'v':
 				vncstr = strdup(optarg);
 			break;
 			case 'r':
 				resize = 1;
 			break;
 			case 'f':
 				fps = atoi(optarg);
 				if (fps < 1 || fps > 120) {
 					printf("Invalid fps\n");
 					return 1;
 				}
 			break;
 			default:
 				help(argv[0]);
 			break;
 		}
 	}
 	Display *appdisp = XOpenDisplay(appstr);
 	if (!appdisp) {
 		printf("Cannot open display %s\n", appstr);
 		return 1;
 	}
 	if (!XShmQueryExtension(appdisp)) {
 		printf("Display %s lacks SHM extension\n", appstr);
 		return 1;
 	}
 	Display *vncdisp = XOpenDisplay(vncstr);
 	if (!vncdisp) {
 		printf("Cannot open display %s\n", vncstr);
 		return 1;
 	}
 	if (!XShmQueryExtension(vncdisp)) {
 		printf("Display %s lacks SHM extension\n", vncstr);
 		return 1;
 	}
 	const int appscreen = DefaultScreen(appdisp);
 	const int vncscreen = DefaultScreen(vncdisp);
 	Visual *appvis = DefaultVisual(appdisp, appscreen);
 	//Visual *vncvis = DefaultVisual(vncdisp, vncscreen);
 	const int appdepth = DefaultDepth(appdisp, appscreen);
 	const int vncdepth = DefaultDepth(vncdisp, vncscreen);
 	if (appdepth != vncdepth) {
 		printf("Depths don't match, app %u vnc %u\n", appdepth, vncdepth);
 		return 1;
 	}
 	Window approot = DefaultRootWindow(appdisp);
 	Window vncroot = DefaultRootWindow(vncdisp);
 	XWindowAttributes appattr, vncattr;
 	XGCValues gcval;
 	gcval.plane_mask = AllPlanes;
 	gcval.function = GXcopy;
 	GC gc = XCreateGC(vncdisp, vncroot, GCFunction | GCPlaneMask, &gcval);
 	XImage *img = NULL;
 	XShmSegmentInfo shminfo;
 	unsigned imgw = 0, imgh = 0;
 	if (XGrabPointer(vncdisp, vncroot, False,
 				ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
 				GrabModeAsync, GrabModeAsync, None, None,
 				CurrentTime) != Success)
 		return 1;
 	if (XGrabKeyboard(vncdisp, vncroot, False, GrabModeAsync, GrabModeAsync,
 				CurrentTime) != Success)
 		return 1;
 	int xfixesbase, xfixeserrbase;
 	XFixesQueryExtension(appdisp, &xfixesbase, &xfixeserrbase);
 	XFixesSelectSelectionInput(appdisp, approot, XA_PRIMARY,
 					XFixesSetSelectionOwnerNotifyMask);
 	int xfixesbasevnc, xfixeserrbasevnc;
 	XFixesQueryExtension(vncdisp, &xfixesbasevnc, &xfixeserrbasevnc);
 	XFixesSelectSelectionInput(vncdisp, vncroot, XA_PRIMARY,
 					XFixesSetSelectionOwnerNotifyMask);
 	Atom xa_targets_vnc = XInternAtom(vncdisp, "TARGETS", False);
 	Atom xa_targets_app = XInternAtom(appdisp, "TARGETS", False);
 	Window selwin = XCreateSimpleWindow(appdisp, approot, 3, 2, 1, 1, 0, 0, 0);
 	Window vncselwin = XCreateSimpleWindow(vncdisp, vncroot, 3, 2, 1, 1, 0, 0, 0);
 	XFixesCursorImage *cursor = NULL;
 	uint64_t cursorhash = 0;
 	Cursor xcursor = None;
 	const unsigned sleeptime = 1000 * 1000 / fps;
 	while (1) {
 		if (!XGetWindowAttributes(appdisp, approot, &appattr))
 			break;
 		if (!XGetWindowAttributes(vncdisp, vncroot, &vncattr))
 			break;
 		if (resize && (appattr.width != vncattr.width ||
 				appattr.height != vncattr.height)) {
 			// resize app display to VNC display size
 			XRRScreenConfiguration *config = XRRGetScreenInfo(appdisp, approot);
 			int nsizes, i, match = -1;
 			XRRScreenSize *sizes = XRRConfigSizes(config, &nsizes);
 			//printf("%u sizes\n", nsizes);
 			for (i = 0; i < nsizes; i++) {
 				if (sizes[i].width == vncattr.width &&
 					sizes[i].height == vncattr.height) {
 					//printf("match %u\n", i);
 					match = i;
 					break;
 				}
 			}
 			if (match >= 0) {
 				XRRSetScreenConfig(appdisp, config, approot, match,
 							RR_Rotate_0, CurrentTime);
 			} else {
 				/*XRRSetScreenSize(appdisp, approot,
 						vncattr.width, vncattr.height,
 						sizes[0].mwidth, sizes[0].mheight);*/
 				XRRScreenResources *res = XRRGetScreenResources(appdisp, approot);
 				//printf("%u outputs, %u crtcs\n", res->noutput, res->ncrtc);
 				// Nvidia crap uses a *different* list for 1.0 and 1.2!
 				unsigned oldmode = 0xffff;
 				//printf("1.2 modes %u\n", res->nmode);
 				for (i = 0; i < res->nmode; i++) {
 					if (res->modes[i].width == vncattr.width &&
 						res->modes[i].height == vncattr.height) {
 						oldmode = i;
 						//printf("old mode %u matched\n", i);
 						break;
 					}
 				}
 				unsigned tgt = 0;
 				if (res->noutput > 1) {
 					for (i = 0; i < res->noutput; i++) {
 						XRROutputInfo *info = XRRGetOutputInfo(appdisp, res, res->outputs[i]);
 						if (info->connection == RR_Connected)
 							tgt = i;
 						//printf("%u %s %u\n", i, info->name, info->connection);
 						XRRFreeOutputInfo(info);
 					}
 				}
 				if (oldmode < 0xffff) {
 					Status s;
 					// nvidia needs this weird dance
 					s = XRRSetCrtcConfig(appdisp, res, res->crtcs[tgt],
 							CurrentTime,
 							0, 0,
 							None, RR_Rotate_0,
 							NULL, 0);
 					//printf("disable %u\n", s);
 					XRRSetScreenSize(appdisp, approot,
 							vncattr.width, vncattr.height,
 							sizes[0].mwidth, sizes[0].mheight);
 					s = XRRSetCrtcConfig(appdisp, res, res->crtcs[tgt],
 							CurrentTime,
 							0, 0,
 							res->modes[oldmode].id, RR_Rotate_0,
 							&res->outputs[tgt], 1);
 					//printf("set %u\n", s);
 				} else {
 					char name[32];
 					sprintf(name, "%ux%u_60", vncattr.width, vncattr.height);
 					printf("Creating new Mode %s\n", name);
 					XRRModeInfo *mode = XRRAllocModeInfo(name, strlen(name));
 					mode->width = vncattr.width;
 					mode->height = vncattr.height;
 					RRMode rmode = XRRCreateMode(appdisp, approot, mode);
 					XRRAddOutputMode(appdisp,
 								res->outputs[tgt],
 								rmode);
 					XRRFreeModeInfo(mode);
 				}
 				XRRFreeScreenResources(res);
 			}
 			XRRFreeScreenConfigInfo(config);
 		}
 		const unsigned w = min(appattr.width, vncattr.width);
 		const unsigned h = min(appattr.height, vncattr.height);
 		if (w != imgw || h != imgh) {
 			if (img) {
 				XShmDetach(appdisp, &shminfo);
 				XDestroyImage(img);
 				shmdt(shminfo.shmaddr);
 				shmctl(shminfo.shmid, IPC_RMID, NULL);
 			}
 			img = XShmCreateImage(appdisp, appvis, appdepth, ZPixmap,
 						NULL, &shminfo, w, h);
 			if (!img)
 				break;
 			shminfo.shmid = shmget(IPC_PRIVATE,
 						img->bytes_per_line * img->height,
 						IPC_CREAT | 0666);
 			if (shminfo.shmid == -1)
 				break;
 			shminfo.shmaddr = img->data = shmat(shminfo.shmid, 0, 0);
 			shminfo.readOnly = False;
 			if (!XShmAttach(appdisp, &shminfo))
 				break;
 			imgw = w;
 			imgh = h;
 		}
 		XShmGetImage(appdisp, approot, img, 0, 0, 0xffffffff);
 		XPutImage(vncdisp, vncroot, gc, img, 0, 0, 0, 0, w, h);
 		// Handle events
 		while (XPending(vncdisp)) {
 			XEvent ev;
 			XNextEvent(vncdisp, &ev);
 			if (ev.type == xfixesbasevnc + XFixesSelectionNotify) {
 				XFixesSelectionNotifyEvent *xfe =
 					(XFixesSelectionNotifyEvent *) &ev;
 //				printf("vnc disp did a copy, owner %lu, root %lu\n",
 //					xfe->owner, vncroot);
 				if (xfe->owner == None || xfe->owner == vncroot)
 					continue;
 				XConvertSelection(vncdisp, XA_PRIMARY, XA_STRING, XA_STRING,
 							vncselwin, CurrentTime);
 			} else switch (ev.type) {
 				case KeyPress:
 				case KeyRelease:
 					XTestFakeKeyEvent(appdisp, ev.xkey.keycode,
 								ev.type == KeyPress,
 								CurrentTime);
 				break;
 				case ButtonPress:
 				case ButtonRelease:
 					XTestFakeButtonEvent(appdisp, ev.xbutton.button,
 								ev.type == ButtonPress,
 								CurrentTime);
 				break;
 				case MotionNotify:
 					XTestFakeMotionEvent(appdisp, appscreen,
 								ev.xmotion.x,
 								ev.xmotion.y,
 								CurrentTime);
 				break;
 				case SelectionRequest:
 					supplyselection(vncdisp, &ev, xa_targets_vnc);
 				break;
 				case SelectionNotify:
 				{
 					Atom realtype;
 					int fmt;
 					unsigned long nitems, bytes_rem;
 					unsigned char *data;
 					if (XGetWindowProperty(vncdisp, vncselwin,
 								XA_STRING,
 								0, CUT_MAX / 4,
 								False, AnyPropertyType,
 								&realtype, &fmt,
 								&nitems, &bytes_rem,
 								&data) == Success) {
 						if (bytes_rem) {
 							printf("Clipboard too large, ignoring\n");
 						} else {
 							const uint32_t len = nitems * (fmt / 8);
 							//printf("realtype %lu, fmt %u, nitems %lu\n",
 							//	realtype, fmt, nitems);
 							memcpy(cutbuf, data, len);
 							if (len < CUT_MAX)
 								cutbuf[len] = 0;
 							else
 								cutbuf[CUT_MAX - 1] = 0;
 							// Send it to the app screen
 							XSetSelectionOwner(appdisp, XA_PRIMARY,
 										approot,
 										CurrentTime);
 						}
 						XFree(data);
 					} else {
 						printf("Failed to fetch vnc clipboard\n");
 					}
 				}
 				break;
 				case SelectionClear:
 					cutbuf[0] = '\0';
 					XSetSelectionOwner(appdisp, XA_PRIMARY, None,
 								CurrentTime);
 				break;
 				default:
 					printf("Unexpected event type %u\n", ev.type);
 				break;
 			}
 		}
 		// App-side events
 		while (XPending(appdisp)) {
 			XEvent ev;
 			XNextEvent(appdisp, &ev);
 			if (ev.type == xfixesbase + XFixesSelectionNotify) {
 				XFixesSelectionNotifyEvent *xfe =
 					(XFixesSelectionNotifyEvent *) &ev;
 				//printf("app disp did a copy, owner %lu\n", xfe->owner);
 				if (xfe->owner == None || xfe->owner == approot)
 					continue;
 				XConvertSelection(appdisp, XA_PRIMARY, XA_STRING, XA_STRING,
 							selwin, CurrentTime);
 			} else switch (ev.type) {
 				case SelectionNotify:
 				{
 					Atom realtype;
 					int fmt;
 					unsigned long nitems, bytes_rem;
 					unsigned char *data;
 					if (XGetWindowProperty(appdisp, selwin,
 								XA_STRING,
 								0, CUT_MAX / 4,
 								False, AnyPropertyType,
 								&realtype, &fmt,
 								&nitems, &bytes_rem,
 								&data) == Success) {
 						if (bytes_rem) {
 							printf("Clipboard too large, ignoring\n");
 						} else {
 							const uint32_t len = nitems * (fmt / 8);
 							//printf("realtype %lu, fmt %u, nitems %lu\n",
 							//	realtype, fmt, nitems);
 							memcpy(cutbuf, data, len);
 							if (len < CUT_MAX)
 								cutbuf[len] = 0;
 							else
 								cutbuf[CUT_MAX - 1] = 0;
 							// Send it to the VNC screen
 							XSetSelectionOwner(vncdisp, XA_PRIMARY,
 										vncroot,
 										CurrentTime);
 						}
 						XFree(data);
 					} else {
 						printf("Failed to fetch app clipboard\n");
 					}
 				}
 				break;
 				case SelectionRequest:
 					supplyselection(appdisp, &ev, xa_targets_app);
 				break;
 				default:
 					printf("Unexpected app event type %u\n", ev.type);
 				break;
 			}
 		}
 		// Cursors
 		cursor = XFixesGetCursorImage(appdisp);
 		uint64_t newhash = XXH64(cursor->pixels,
 						cursor->width * cursor->height * sizeof(unsigned long),
 						0);
 		if (cursorhash != newhash) {
 			if (cursorhash)
 				XFreeCursor(vncdisp, xcursor);
 			XcursorImage *converted = XcursorImageCreate(cursor->width, cursor->height);
 			converted->xhot = cursor->xhot;
 			converted->yhot = cursor->yhot;
 			unsigned i;
 			for (i = 0; i < cursor->width * cursor->height; i++) {
 				converted->pixels[i] = cursor->pixels[i];
 			}
 			xcursor = XcursorImageLoadCursor(vncdisp, converted);
 			XDefineCursor(vncdisp, vncroot, xcursor);
 			XcursorImageDestroy(converted);
 			cursorhash = newhash;
 		}
 		usleep(sleeptime);
 	}
 	XCloseDisplay(appdisp);
 	XCloseDisplay(vncdisp);
 	return 0;
 }
--- a/unix/kasmxproxy/kasmxproxy.man
+++ b/unix/kasmxproxy/kasmxproxy.man
@@ -1,46 +0,0 @@
 .TH kasmxproxy 1 "" "KasmVNC" "Virtual Network Computing"
 .SH NAME
 kasmxproxy \- proxy an existing X11 display to a KasmVNC display
 .SH SYNOPSIS
 .B kasmxproxy
 .RB [ \-a|\-\-app\-display
 .IR source\-display ]
 .RB [ \-v|\-\-vnc\-display
 .IR destination\-display ]
 .RB [ \-f|\-\-fps
 .IR FPS ]
 .RB [ \-r|\-\-resize ]
 .br
 .SH DESCRIPTION
 .B kasmxproxy
 is used to proxy an x display, usually attached to a physical GPU, to KasmVNC display. This is usually used in the context of providing GPU acceleration to a KasmVNC session.
 .SH OPTIONS
 .TP
 .B \-a, \-\-app\-display \fIsource-display\fP
 Existing X display to proxy.
 Defaults to :0.
 .TP
 .B \-v, \-\-vnc\-display \fIdestination-display\fP
 X display, where source display will be available on.
 Defaults to :1.
 .TP
 .B \-f, \-\-fps \fIframes-per-second\fP
 X display, where the source display will be available on.
 Defaults to 30 frames per second.
 .TP
 .B \-r|\-\-resize
 Enable resizing. WARNING: DO NOT ENABLE IF PHYSICAL DISPLAY IS ATTACHED.
 Disabled by default.
 .SH EXAMPLES
 .TP
 .BI "kasmxproxy -a :1 -v :10 -r"
 .B  Proxy display :1 to display :10, with resizing on.
 .SH AUTHOR
 Kasm Technologies http://kasmweb.com
--- a/unix/kasmxproxy/xxhash.c
+++ b/unix/kasmxproxy/xxhash.c
@@ -1 +0,0 @@
 ../../common/rfb/xxhash.c
--- a/unix/kasmxproxy/xxhash.h
+++ b/unix/kasmxproxy/xxhash.h
@@ -1 +0,0 @@
 ../../common/rfb/xxhash.h
--- a/unix/vncserver
+++ b/unix/vncserver
--- a/unix/vncserver.yaml
+++ b/unix/vncserver.yaml
@@ -0,0 +1,4 @@
 ---
 network:
  ssl:
    pem_certificate: lol
--- a/unix/vncserver_defaults.yaml
+++ b/unix/vncserver_defaults.yaml
@@ -0,0 +1,142 @@
 ---
 desktop:
  resolution:
    width: 1024
    height: 768
  allow_resize: true
  pixel_depth: 16|24|32
 network:
  protocol: http|vnc
  interface: 0.0.0.0
  websocket_port: default
  use_ipv4: true
  use_ipv6: true
  ssl:
    pem_certificate: [/etc/...]
    pem_key: [/etc/...]
    require_ssl: true
 user_session:
  concurrent_connections_mode: always-allow|prompt|block-new-connections|disconnect-current
  approval_dialog_timeout: 10
  force_session_type: shared|exclusive
  new_session_disconnects_existing_exlusive_session: true
  ask_user_to_vet_new_sessions: false
  vetting_dialog_duration: 10
  idle_timeout: never
 keyboard:
  remap_keys:
    - 0x22->0x40
    - 0x24->0x40
  # If NumLock is on (as it usually is), then pressing a key on the numeric
  # keypad while holding the shift key overrides NumLock and instead generates
  # the arrow key (or other navigation key) printed in small print under the big
  # digits.
  ignore_numlock: false
  raw_keyboard: false
 # Mouse, trackpad, etc.
 pointer:
  enabled: true
 runtime_configuration:
  allow_client_to_override_server_settings: true
  allow_override_list:
    - pointer.allow_client_to_override_server_settings
 logging:
  log_writer_name: all|*|<string>
  log_to: stderr|stdout|syslog
  # 0 - silent(?), 100 - most verbose
  level: 0..100
 security:
  brute_force_protection:
    blacklist_threshold: 5
    blacklist_timeout: 10
 data_loss_prevention:
  visible_region:
    top: 10
    left: 10
    right: 40
    bottom: 40
    concealed_region:
      allow_click_down: false
      allow_click_release: false
  clipboard:
    delay_between_operations: none
    # Cut buffers and CLIPBOARD selection.
    server_to_client:
      enabled: true
      size: 10000|unlimited
      primary_clipboard_enabled: false
    client_to_server:
      enabled: true
      size: 10000|unlimited
  keyboard:
    enabled: true
    rate_limit: 1|unlimited
  # LOGS YOUR PRIVATE INFORMATION. Keypresses and clipboard content.
  logging:
    level: off|info|verbose
 # legacy:
 #   pixel_format: 16|24|32
 #   inetd: false
 #   desktop_name: default
 #   rfb_port: 5900
 #   rfb_unix_socket_path:
 #   rfb_unix_mode: 0600
 #   password_file:
 #   password:
 #   plain_user_list:
 #     - foo
 #     - bar
 #   pam_service: vnc
 #   use_protocol_3.3: false
 #   x509_certificate:
 #   x509_key:
 #   gnu_tls_priority: NORMAL
 encoding:
  max_frame_rate: 60
  native_resolution_mode:
    min_quality: 7
    max_quality: 8
    treat_this_quality_level_as_lossless: 10
    prefer_bandwidth_over_quality: false
    rectangle_compress_threads: auto|number
  video_mode:
    jpeg_quality: auto
    webp_quality: auto
    max_resolution:
      width: 1920
      height: 1080
    enter_video_mode:
      time_threshold: 5
      area_threshold: 45
    exit_video_mode:
      time_threshold: 3
    logging:
      level: off|info
    scaling_algorithm: nearest|bilinear|progressive_bilinear
    compare_framebuffer: off|always|auto
    zrle_zlib_level: 0..9
    hextile_improved_compression: true
 server:
  advanced:
    x_font_path: default
    httpd_directory: /usr/share/kasmvnc/www
    kasm_password_file: ~/.kasmpasswd
    x_authtority_file: default
  auto_shutdown:
    no_user_session_timeout: never
    active_user_session_timeout: never
    inactive_user_session_timeout: never
--- a/unix/xserver/hw/vnc/Input.c
+++ b/unix/xserver/hw/vnc/Input.c
@@ -39,7 +39,6 @@
 #include "xkbsrv.h"
 #include "xkbstr.h"
 #include "xserver-properties.h"
 #include "stdbool.h"
 extern _X_EXPORT DevPrivateKey CoreDevicePrivateKey;
 #include <X11/keysym.h>
 #include <X11/Xlib.h>
@@ -67,8 +66,6 @@ static const unsigned short *codeMap;
 static unsigned int codeMapLen;
 static KeySym pressedKeys[256];
 static unsigned int needFree[256];
 static bool freeKeys;
 static int vncPointerProc(DeviceIntPtr pDevice, int onoff);
 static void vncKeyboardBell(int percent, DeviceIntPtr device,
@@ -94,7 +91,7 @@ static void vncKeysymKeyboardEvent(KeySym keysym, int down);
 * Instead we call it from XserverDesktop at an appropriate
 * time.
 */
-void vncInitInputDevice(bool freeKeyMappings)
+void vncInitInputDevice(void)
 {
 	int i, ret;
@@ -113,8 +110,6 @@ void vncInitInputDevice(bool freeKeyMappings)
 	codeMap = code_map_qnum_to_xorgkbd;
 	codeMapLen = code_map_qnum_to_xorgkbd_len;
 #endif
 	freeKeys = freeKeyMappings;
 	memset(needFree, 0, sizeof(needFree));
 	for (i = 0;i < 256;i++)
 		pressedKeys[i] = NoSymbol;
@@ -239,40 +234,6 @@ void vncPointerMove(int x, int y)
 	cursorPosY = y;
 }
 void vncPointerMoveRelative(int x, int y, int absx, int absy)
 {
 	int valuators[2];
 #if XORG < 111
 	int n;
 #endif
 #if XORG >= 110
 	ValuatorMask mask;
 #endif
 //	if (cursorPosX == absx && cursorPosY == absy)
 //		return;
 	valuators[0] = x;
 	valuators[1] = y;
 #if XORG < 110
 	n = GetPointerEvents(eventq, vncPointerDev, MotionNotify, 0,
 	                     POINTER_RELATIVE, 0, 2, valuators);
 	enqueueEvents(vncPointerDev, n);
 #elif XORG < 111
 	valuator_mask_set_range(&mask, 0, 2, valuators);
 	n = GetPointerEvents(eventq, vncPointerDev, MotionNotify, 0,
 	                     POINTER_RELATIVE, &mask);
 	enqueueEvents(vncPointerDev, n);
 #else
 	valuator_mask_set_range(&mask, 0, 2, valuators);
 	QueuePointerEvents(vncPointerDev, MotionNotify, 0,
 	                   POINTER_RELATIVE, &mask);
 #endif
 	cursorPosX = absx;
 	cursorPosY = absy;
 }
 void vncScroll(int x, int y) {
 	ValuatorMask mask;
 	valuator_mask_zero(&mask);
@@ -539,7 +500,6 @@ static void vncKeysymKeyboardEvent(KeySym keysym, int down)
 				pressedKeys[i] = NoSymbol;
 				pressKey(vncKeyboardDev, i, FALSE, "keycode");
 				mieqProcessInputEvents();
 				return;
 			}
 		}
@@ -584,7 +544,7 @@ static void vncKeysymKeyboardEvent(KeySym keysym, int down)
 	/* No matches. Will have to add a new entry... */
 	if (keycode == 0) {
-		keycode = vncAddKeysym(keysym, state, needFree, freeKeys);
+		keycode = vncAddKeysym(keysym, state);
 		if (keycode == 0) {
 			LOG_ERROR("Failure adding new keysym 0x%x", keysym);
 			return;
--- a/unix/xserver/hw/vnc/Input.h
+++ b/unix/xserver/hw/vnc/Input.h
@@ -25,19 +25,16 @@
 #include <stdlib.h>
 #include <X11/X.h>
 #include "stdbool.h"
 #ifdef __cplusplus
 extern "C" {
 #endif
-void vncInitInputDevice(bool freeKeyMappings);
+void vncInitInputDevice(void);
 void vncPointerButtonAction(int buttonMask, const unsigned char skipclick,
                            const unsigned char skiprelease);
 void vncPointerMove(int x, int y);
 void vncPointerMoveRelative(int x, int y, int absx, int absy);
 void vncScroll(int x, int y);
 void vncGetPointerPos(int *x, int *y);
@@ -60,8 +57,7 @@ KeyCode vncKeysymToKeycode(KeySym keysym, unsigned state, unsigned *new_state);
 int vncIsAffectedByNumLock(KeyCode keycode);
-KeyCode vncAddKeysym(KeySym keysym, unsigned state, unsigned int *needfree, bool freeKeys);
+KeyCode vncAddKeysym(KeySym keysym, unsigned state);
 void vncRemoveKeycode(unsigned keycode);
 #ifdef __cplusplus
 }
--- a/Show More
+++ b/Show More