Closed jachstet-sea closed 6 years ago
Connection log of TigerVNC (don't know if it helps):
user@host ~ $ vncviewer --Log=*:stderr:100 --PreferredEncoding=Hextile XX.XX.XX.XX:5900
TigerVNC Viewer 64-bit v1.8.0
Built on: 2018-05-16 13:57
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Wed Jun 20 14:30:34 2018
Config: set PreferredEncoding(String) to Hextile
DecodeManager: Detected 4 CPU core(s)
DecodeManager: Creating 4 decoder thread(s)
TcpSocket: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 5900
Wed Jun 20 14:30:35 2018
CConn: connected to host XX.XX.XX.XX port 5900
CConnection: reading protocol version
CConnection: Server supports RFB protocol version 3.889
CConnection: Using RFB protocol version 3.8
CConnection: processing security types message
CConnection: Server offers security type [unknown secType](30)
CConnection: Server offers security type [unknown secType](33)
CConnection: Server offers security type [unknown secType](36)
CConnection: Server offers security type VncAuth(2)
CConnection: Server offers security type [unknown secType](35)
CConnection: Choosing security type VncAuth(2)
CConnection: processing security message
Wed Jun 20 14:30:37 2018
CConnection: processing security result message
CConnection: processing security result message
CConnection: Authentication success!
Wed Jun 20 14:30:38 2018
CConnection: reading server initialisation
CConnection: initialisation done
PlatformPixelBuffer: Using shared memory XImage
CConn: Using pixel format depth 24 (32bpp) little-endian rgb888
CConn: Using hextile encoding
Wed Jun 20 14:30:41 2018
CConn: Using Tight encoding
Wed Jun 20 14:30:45 2018
PlatformPixelBuffer: Freeing shared memory XImage
It looks like Apples Remote Access server isn't compatible with normal VNC clients. See #1079
I've read #1079 but I'm not sure if this is authentication-related (as #1079 is). According to https://github.com/TigerVNC/tigervnc/issues/51#issuecomment-100226374 setting a password helps. This is what I did and noVNC asks me for a password. Also, as I said, connecting via TigerVNC is working so I don't see why it should not be possible using noVNC.
Perhaps I was a bit hasty.. I thought you were running a TigerVNC server on macOS. I see now that you were successfully connecting using TigerVNC's client.
It looks like the server is throwing you out due to this:
code 400, message Bad request syntax
('\x88\x8f\xfa\xaf\xb1\x15\xf9G\xe5t\x88\xc8\xd4a\xda\xcc\xddz\x89\xca\xd5')
Are there any server logs for Mac Remote Access?
Ah, do you think the bytes shown there are sent from noVNC to the server?
Yes, I was able to find where macOS logs such stuff. There is one message when opening the connection (first line) and all other lines are printed after I entered the password. I didn't find anything useful in there, though:
Jun 21 08:38:05 com.apple.imklaunchagent): This service is defined to be constantly running and is inherently inefficient.
Jun 21 08:38:05 com.apple.coreservices.UASharedPasteboardProgressUI): Unknown key for Boolean: DrainMessagesAfterFailedInit
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.pluginkit.pkd (lint): Service sets EnableTransactions=false and EnablePressuredExit=true, which makes no sense. Enabling Transactions.
Jun 21 08:38:05 com.apple.UserEventAgent-LoginWindow): This service is defined to be constantly running and is inherently inefficient.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.universalaccessd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.VoiceOver (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.AssistiveControl (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.DwellControl (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.universalaccesscontrol (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.noticeboard.agent (lint): EnablePressuredExit is not compatible with KeepAlive=true. Ignoring EnablePressuredExit.
Jun 21 08:38:05 com.apple.noticeboard.agent): This service is defined to be constantly running and is inherently inefficient.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.tiswitcher (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.coreservices.useractivityd): Unknown key for Boolean: DrainMessagesAfterFailedInit
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc/Contents/MacOS/XPCTimeStampingService error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc/Contents/MacOS/com.apple.hiservices-xpcservice error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.SpeechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/XPCServices/com.apple.FCiCloudPrefUpdater.xpc/Contents/MacOS/com.apple.FCiCloudPrefUpdater error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/ToneLibrary.framework/Versions/A/XPCServices/com.apple.tonelibraryd.xpc/Contents/MacOS/com.apple.tonelibraryd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.imfoundation.IMRemoteURLConnectionAgent): Unknown key for integer: _DirtyJetsamMemoryLimit
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/AccountsDaemon.framework/XPCServices/DataclassOwnersManager.xpc/Contents/MacOS/DataclassOwnersManager error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/CloudServices.framework/Versions/A/XPCServices/com.apple.sbd.xpc/Contents/MacOS/com.apple.sbd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/Frameworks/CloudPhotosConfigurationXPC.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:06 Santhosha-MacBook-Pro systemstats[74]: assertion failed: 17F77: systemstats + 914800 [D1E75C38-62CE-3D77-9ED3-5F6D38EF0676]: 0x40
I also added some more debugging output to rfb.js and it seems that some FBUs are transmitted:
First FBU latency: 616
FBU encoding:0
FBU geo:3360x2100+0x0
FBU handler ret: false
FBU handler ret: true
Timing of full FBU, curr: 10, total: 10, cnt: 1, avg: 10
full FBU round-trip, cur: 634, total: 634, cnt: 1, avg: 634
FBU handler ret: true
Timing of full FBU, curr: 12, total: 22, cnt: 2, avg: 11
FBU handler ret: true
Timing of full FBU, curr: 14, total: 36, cnt: 3, avg: 12
FBU handler ret: true
Timing of full FBU, curr: 15, total: 51, cnt: 4, avg: 12.75
>> WebSock.onclose```
As I said, the output by websockify is different every time. In most cases, it starts with \x88\x8f:
XX.XX.XX.XX - - [21/Jun/2018 08:37:17] XX.XX.XX.XX: Version hybi-13, base64: 'False'
XX.XX.XX.XX - - [21/Jun/2018 08:37:17] XX.XX.XX.XX: Path: '/websockify'
XX.XX.XX.XX - - [21/Jun/2018 08:37:17] connecting to: XX.XX.XX.XX:5900
XX.XX.XX.XX - - [21/Jun/2018 08:37:23] code 400, message Bad request syntax ('\x88\x8f')
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] XX.XX.XX.XX: Plain non-SSL (ws://) WebSocket connection
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] XX.XX.XX.XX: Version hybi-13, base64: 'False'
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] XX.XX.XX.XX: Path: '/websockify'
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] connecting to: XX.XX.XX.XX:5900
XX.XX.XX.XX - - [21/Jun/2018 08:38:08] code 400, message Bad request version ('\\5\xfasZ=')```
That garbage is unrelated and is because of a websockify bug. Please use the latest git revision of websockify for any further tests.
I'm not able to reproduce the issue here, so the question is what differs with your setup. Could you try a different browser and see if that is a factor?
Closing due to no response.
I don't know what actually fixed it but it is working in the latest git master as of today 🎉 . Great :D
Describe the bug The connection to the server is set up, noVNC prompts for the password. When the password is entered, the websocket gets closed and remote access is not possible Connecting to the same machine using TigerVNC 1.8.0 is working fine.
To Reproduce Steps to reproduce the behavior:
Expected behavior Remote session should be set up and remote display should be shown
Client:
Server:
Additional context JavaScript log in browser:
websockify 0.8.0 had a line like this in the log:
code 400, message Bad request syntax ('\x88\x8f\xfa\xaf\xb1\x15\xf9G\xe5t\x88\xc8\xd4a\xda\xcc\xddz\x89\xca\xd5')
with the content changing with every try