LibVNC / x11vnc

a VNC server for real X displays
GNU General Public License v2.0

Issue using connection SSL Vencrypt with ANONTLS and rfbVeNCryptX509Plain #237

Open mdrodrigo opened 1 year ago

mdrodrigo commented 1 year ago

Hello everyone,

I'm encountering an issue when attempting to connect to Weston VNC using the x11vnc reflect method.

How to Reproduce:

I have a system running Wayland+Weston and I'm utilizing VNC with neatvnc 0.6.0. The command line to start the VNC is as follows:

weston --backend vnc --shell=fullscreen-shell.so --vnc-tls-cert /home/root/tls.crt --vnc-tls-key /home/root/tls.key

The TLS keys are generated using the following commands:

openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr
openssl x509 -req -days 365 -signkey tls.key -in tls.csr -out tls.crt
weston --backend vnc --width 1024 --height 768 --vnc-tls-cert tls.crt --vnc-tls-key tls.key

I attempt to connect using x11vnc in reflect mode using the following command line:

x11vnc -reflect 10.5.4.3:5900

However, during the x11vnc handshake with the server, a warning is logged:

x11vnc version: 0.9.16 lastmod: 2019-01-05  pid: 182922
Not opening DISPLAY in -rawfb mode (force via -rawfb +str)
Continuing without X display in -rawfb mode.
rfbGetClient(bitsPerSample=8, samplesPerPixel=3, bytesPerPixel=4)
rawfb: vnc:10.5.4.3:5900
VNC server supports protocol version 3.8 (viewer 3.8)
We have 1 security types to read
0) Received security type 19
Selecting security type 19 (0/1 in the list)
Selected Security Scheme 19
GnuTLS version 3.7.1 initialized.
Got VeNCrypt version 0.2 from server.
We have 1 security types to read
0) Received security type 262
Selecting security type 262 (0/1 in the list)
GetCredential callback is not set. <-------- HERE!
vnc_reflector failed for: vnc:10.5.4.3:5900

Upon investigating the code, I noticed the message GetCredential callback is not set.

In the code at include/rfb/rfbclient.h, the following commentary is present:

/** To support security types that require user input (except VNC password
 * authentication), for example VeNCrypt and MSLogon, this callback function
 * must be set before the authentication. Otherwise, it implies that the
 * caller application does not support it and related security types should
 * be bypassed.
 */
GetCredentialProc GetCredential;

My question is: when using the x509 certification type, do I need to write a specific function to handle this particular protocol?

Regards

bk138 commented 1 year ago

Hi Rodrigo, it could well be that x11vnc did not properly track libvncserver/client development and that the needed call is missing there. I suggest moving the issue over to x11vnc. However, you would need to fix x11vnc yourself as it's currently unmaintained.
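
Added example, not code from this thread, x11vnc or LibVNCServer: a GetCredential callback of the kind the rfbclient.h comment quoted above asks for, serving a client that negotiates rfbVeNCryptX509Plain (subtype 262 in the log). The USE_LIBVNCCLIENT build flag, the stand-in declarations, the cfg_* sample values and the name get_credential are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef USE_LIBVNCCLIENT  /* hypothetical build flag: compile against the real header */
#include <rfb/rfbclient.h>
#else                    /* stand-ins mirroring rfbclient.h so this builds alone */
typedef struct _rfbClient rfbClient;
#define rfbCredentialTypeX509 1
#define rfbCredentialTypeUser 2
typedef union _rfbCredential {
    struct { char *x509CACertFile, *x509CACrlFile, *x509ClientCertFile,
             *x509ClientKeyFile; uint8_t x509CrlVerifyMode; } x509Credential;
    struct { char *username, *password; } userCredential;
} rfbCredential;
#endif

/* Constructed sample values; a real program takes these from its own config. */
static const char *cfg_ca_file  = "/path/to/server-tls.crt"; /* trust anchor */
static const char *cfg_username = "example-user";
static const char *cfg_password = "example-password";

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* libvncclient frees the returned struct and its strings, so all are heap-allocated.
 * Install with client->GetCredential = get_credential; before rfbInitClient(). */
rfbCredential *get_credential(rfbClient *client, int credentialType) {
    (void)client;
    rfbCredential *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    switch (credentialType) {
    case rfbCredentialTypeX509: /* requested for the X509* subtypes, before TLS starts */
        c->x509Credential.x509CACertFile = dup_str(cfg_ca_file);
        return c;               /* client cert/key left NULL: server auth only */
    case rfbCredentialTypeUser: /* requested by the *Plain subtypes once TLS is up */
        c->userCredential.username = dup_str(cfg_username);
        c->userCredential.password = dup_str(cfg_password);
        return c;
    default:                    /* unknown request: refuse rather than guess */
        free(c);
        return NULL;
    }
}

int main(void) { /* smoke run; the process exits at once, so nothing is freed */
    return get_credential(NULL, rfbCredentialTypeX509) ? 0 : 1;
}
```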