-rw-r--r-- | kvmd/apps/__init__.py | 3 | ||||
-rw-r--r-- | kvmd/apps/vnc/__init__.py | 1 | ||||
-rw-r--r-- | kvmd/apps/vnc/rfb/__init__.py | 11 | ||||
-rw-r--r-- | kvmd/apps/vnc/server.py | 7 |
4 files changed, 16 insertions, 6 deletions
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py index cef0a6a4..b03b7893 100644 --- a/kvmd/apps/__init__.py +++ b/kvmd/apps/__init__.py @@ -698,6 +698,9 @@ def _get_config_scheme() -> Dict: "enabled": Option(False, type=valid_bool), "file": Option("/etc/kvmd/vncpasswd", type=valid_abs_file, unpack_as="path"), }, + "vencrypt": { + "enabled": Option(True, type=valid_bool, unpack_as="vencrypt_enabled"), + }, }, }, diff --git a/kvmd/apps/vnc/__init__.py b/kvmd/apps/vnc/__init__.py index a4d616ee..d7e2c68a 100644 --- a/kvmd/apps/vnc/__init__.py +++ b/kvmd/apps/vnc/__init__.py @@ -79,4 +79,5 @@ def main(argv: Optional[List[str]]=None) -> None: vnc_auth_manager=VncAuthManager(**config.auth.vncauth._unpack()), **config.server.keepalive._unpack(), + **config.auth.vencrypt._unpack(), ).run() diff --git a/kvmd/apps/vnc/rfb/__init__.py b/kvmd/apps/vnc/rfb/__init__.py index 0aa13114..102a007d 100644 --- a/kvmd/apps/vnc/rfb/__init__.py +++ b/kvmd/apps/vnc/rfb/__init__.py @@ -67,6 +67,7 @@ class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attribute height: int, name: str, vnc_passwds: List[str], + vencrypt: bool, none_auth_only: bool, ) -> None: @@ -81,6 +82,7 @@ class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attribute self._height = height self.__name = name self.__vnc_passwds = vnc_passwds + self.__vencrypt = vencrypt self.__none_auth_only = none_auth_only self.__rfb_version = 0 @@ -229,7 +231,7 @@ class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attribute async def __handshake_security(self) -> None: sec_types: Dict[int, Tuple[str, Callable]] = {} - if self.__rfb_version > 3: + if self.__vencrypt and self.__rfb_version > 3: sec_types[19] = ("VeNCrypt", self.__handshake_security_vencrypt) if self.__none_auth_only: sec_types[1] = ("None", self.__handshake_security_none) 
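Review bot: The new `"vencrypt"` entry in `_get_config_scheme()` has no comment saying what turning it off costs. Going by the `__handshake_security` change in kvmd/apps/vnc/rfb/__init__.py, it stops the server from offering security type 19 at all. The `VeNCrypt/TLSPlain` and `VeNCrypt/X509Plain` types are registered only inside the VeNCrypt handler, so with the option off those TLS-protected logins can no longer be negotiated. I would add above the entry: `# Disabling VeNCrypt removes the TLS-protected auth types from the RFB handshake`. The scheme function starts and ends outside this hunk.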
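Review bot: With `self.__vencrypt` false, a client on an RFB version above 3 leaves the visible part of `__handshake_security` with `sec_types` holding at most the `None` entry, so the code after this hunk must handle a modern client with a short or empty list. If an empty `sec_types` is rejected further down (not visible here), its message should name the disabled VeNCrypt option as a possible cause, otherwise the refusal is hard to diagnose from the client side. A comment on the condition would also help, for example `# VeNCrypt can be switched off in the config for clients that mishandle it; no TLS is offered then`. The method body continues outside the hunk.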
@@ -276,10 +278,9 @@ class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attribute auth_types[262] = ("VeNCrypt/X509Plain", 2, self.__handshake_security_vencrypt_userpass) auth_types[259] = ("VeNCrypt/TLSPlain", 1, self.__handshake_security_vencrypt_userpass) if self.__vnc_passwds: - # Vinagre не умеет работать с VNC Auth через VeNCrypt, но это его проблемы, - # так как он своеобразно трактует рекомендации VeNCrypt. - # Подробнее: https://bugzilla.redhat.com/show_bug.cgi?id=692048 - # Hint: используйте любой другой нормальный VNC-клиент. + # Некоторые клиенты не умеют работать с нешифрованными соединениями внутри VeNCrypt: + # - https://github.com/LibVNC/libvncserver/issues/458 + # - https://bugzilla.redhat.com/show_bug.cgi?id=692048 auth_types[2] = ("VeNCrypt/VNCAuth", 0, self.__handshake_security_vnc_auth) if self.__tls_ciphers: if self.__x509_cert_path: diff --git a/kvmd/apps/vnc/server.py b/kvmd/apps/vnc/server.py index 64113c11..3d460498 100644 --- a/kvmd/apps/vnc/server.py +++ b/kvmd/apps/vnc/server.py @@ -72,7 +72,7 @@ class _SharedParams: class _Client(RfbClient): # pylint: disable=too-many-instance-attributes - def __init__( # pylint: disable=too-many-arguments + def __init__( # pylint: disable=too-many-arguments,too-many-locals self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter, @@ -89,6 +89,7 @@ class _Client(RfbClient): # pylint: disable=too-many-instance-attributes streamers: List[BaseStreamerClient], vnc_credentials: Dict[str, VncAuthKvmdCredentials], + vencrypt: bool, none_auth_only: bool, shared_params: _SharedParams, ) -> None: @@ -103,6 +104,7 @@ class _Client(RfbClient): # pylint: disable=too-many-instance-attributes x509_cert_path=x509_cert_path, x509_key_path=x509_key_path, vnc_passwds=list(vnc_credentials), + vencrypt=vencrypt, none_auth_only=none_auth_only, **dataclasses.asdict(shared_params), ) 
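Review bot: The rewritten comment above `auth_types[2] = ("VeNCrypt/VNCAuth", 0, ...)` links two client bugs but drops the old hint without telling an operator what to do instead. This commit appears to add the `vencrypt` switch for exactly those clients, so the comment should point to it and state the cost. For example: `# Workaround: set auth.vencrypt.enabled to false; the TLS-protected auth types are then not offered`. The enclosing method starts before the hunk and continues after it.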
@@ -423,6 +425,8 @@ class VncServer: # pylint: disable=too-many-instance-attributes x509_cert_path: str, x509_key_path: str, + vencrypt_enabled: bool, + desired_fps: int, keymap_path: str, @@ -481,6 +485,7 @@ class VncServer: # pylint: disable=too-many-instance-attributes streamers=streamers, vnc_credentials=(await self.__vnc_auth_manager.read_credentials())[0], none_auth_only=none_auth_only, + vencrypt=vencrypt_enabled, shared_params=shared_params, ).run() except Exception: |
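Review bot: The flag is called `vencrypt_enabled` in `VncServer.__init__` but `vencrypt` in `_Client` and `RfbClient`, so the call site has to rename it with `vencrypt=vencrypt_enabled`, unlike `none_auth_only=none_auth_only` on the line before. One name through all three layers would make this security-relevant setting easier to trace from config to handshake. For example, use `vencrypt_enabled: bool` in both client constructors and `vencrypt_enabled=vencrypt_enabled` here. Both the constructor and the method containing the call extend beyond the hunks shown.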