search

novnc / noVNC

VNC client web application
https://novnc.com
Other
11.43k stars 2.27k forks source link

Connection to Mac Remote Access terminates unexpectedly during connection #1095

Closed jachstet-sea closed 6 years ago

jachstet-sea commented 6 years ago

Describe the bug The connection to the server is set up, noVNC prompts for the password. When the password is entered, the websocket gets closed and remote access is not possible Connecting to the same machine using TigerVNC 1.8.0 is working fine.

To Reproduce Steps to reproduce the behavior:

  1. Go to the noVNC page
  2. Click on Connect
  3. Enter password when prompted
  4. Observe the connection termination

Expected behavior Remote session should be set up and remote display should be shown

Client:

Server:

Additional context JavaScript log in browser:

>> Display.constructor
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Setting viewport to full display region
<< Display.constructor
Setting viewport to full display region
<< RFB.constructor
New state 'connecting', was ''.
>> RFB.connect
connecting to ws://XX.XX.XX.XX:6080/websockify
<< RFB.connect
>> WebSock.onopen
Server choose sub-protocol: binary
Starting VNC handshake
<< WebSock.onopen
Server ProtocolVersion: 003.889
Sent ProtocolVersion: 003.003
Authenticating using scheme: 2
Server asked for a password
Authentication OK
Screen: 3360x2100, bpp: 32, depth: 24, big_endian: 0, true_color: 1, red_max: 255, green_max: 255, blue_max: 255, red_shift: 16, green_shift: 8, blue_shift: 0
Setting viewport to full display region
Data URI scheme cursor supported
New state 'connected', was 'connecting'.
First FBU latency: 591
>> WebSock.onclose
WebSocket on-close event
New state 'disconnecting', was 'connected'.
>> RFB.disconnect
>> Keyboard.allKeysUp
<< Keyboard.allKeysUp
Encoding stats for this connection:
Encoding stats since page load:
<< RFB.disconnect
New state 'disconnected', was 'disconnecting'.
Clearing disconnect timer
<< WebSock.onclose

websockify 0.8.0 had a line like this in the log: code 400, message Bad request syntax ('\x88\x8f\xfa\xaf\xb1\x15\xf9G\xe5t\x88\xc8\xd4a\xda\xcc\xddz\x89\xca\xd5') with the content changing with every try

jachstet-sea commented 6 years ago

Connection log of TigerVNC (don't know if it helps):

user@host ~ $ vncviewer --Log=*:stderr:100 --PreferredEncoding=Hextile XX.XX.XX.XX:5900

TigerVNC Viewer 64-bit v1.8.0
Built on: 2018-05-16 13:57
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.

Wed Jun 20 14:30:34 2018
 Config:      set PreferredEncoding(String) to Hextile
 DecodeManager: Detected 4 CPU core(s)
 DecodeManager: Creating 4 decoder thread(s)
 TcpSocket:   Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 5900

Wed Jun 20 14:30:35 2018
 CConn:       connected to host XX.XX.XX.XX port 5900
 CConnection: reading protocol version
 CConnection: Server supports RFB protocol version 3.889
 CConnection: Using RFB protocol version 3.8
 CConnection: processing security types message
 CConnection: Server offers security type [unknown secType](30)
 CConnection: Server offers security type [unknown secType](33)
 CConnection: Server offers security type [unknown secType](36)
 CConnection: Server offers security type VncAuth(2)
 CConnection: Server offers security type [unknown secType](35)
 CConnection: Choosing security type VncAuth(2)
 CConnection: processing security message

Wed Jun 20 14:30:37 2018
 CConnection: processing security result message
 CConnection: processing security result message
 CConnection: Authentication success!

Wed Jun 20 14:30:38 2018
 CConnection: reading server initialisation
 CConnection: initialisation done
 PlatformPixelBuffer: Using shared memory XImage
 CConn:       Using pixel format depth 24 (32bpp) little-endian rgb888
 CConn:       Using hextile encoding

Wed Jun 20 14:30:41 2018
 CConn:       Using Tight encoding

Wed Jun 20 14:30:45 2018
 PlatformPixelBuffer: Freeing shared memory XImage
samhed commented 6 years ago

It looks like Apples Remote Access server isn't compatible with normal VNC clients. See #1079

jachstet-sea commented 6 years ago

I've read #1079 but I'm not sure if this is authentication-related (as #1079 is). According to https://github.com/TigerVNC/tigervnc/issues/51#issuecomment-100226374 setting a password helps. This is what I did and noVNC asks me for a password. Also, as I said, connecting via TigerVNC is working so I don't see why it should not be possible using noVNC.

samhed commented 6 years ago

Perhaps I was a bit hasty.. I thought you were running a TigerVNC server on macOS. I see now that you were successfully connecting using TigerVNC's client.

samhed commented 6 years ago

It looks like the server is throwing you out due to this:

code 400, message Bad request syntax 
('\x88\x8f\xfa\xaf\xb1\x15\xf9G\xe5t\x88\xc8\xd4a\xda\xcc\xddz\x89\xca\xd5')

Are there any server logs for Mac Remote Access?

jachstet-sea commented 6 years ago

Ah, do you think the bytes shown there are sent from noVNC to the server?

Yes, I was able to find where macOS logs such stuff. There is one message when opening the connection (first line) and all other lines are printed after I entered the password. I didn't find anything useful in there, though:

Jun 21 08:38:05 com.apple.imklaunchagent): This service is defined to be constantly running and is inherently inefficient.
Jun 21 08:38:05 com.apple.coreservices.UASharedPasteboardProgressUI): Unknown key for Boolean: DrainMessagesAfterFailedInit
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.pluginkit.pkd (lint): Service sets EnableTransactions=false and EnablePressuredExit=true, which makes no sense. Enabling Transactions.
Jun 21 08:38:05 com.apple.UserEventAgent-LoginWindow): This service is defined to be constantly running and is inherently inefficient.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.universalaccessd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.VoiceOver (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.AssistiveControl (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.DwellControl (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.universalaccesscontrol (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.noticeboard.agent (lint): EnablePressuredExit is not compatible with KeepAlive=true. Ignoring EnablePressuredExit.
Jun 21 08:38:05 com.apple.noticeboard.agent): This service is defined to be constantly running and is inherently inefficient.
Jun 21 08:38:05 com.apple.xpc.launchd.domain.user.loginwindow.23274.4294967295): com.apple.tiswitcher (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Jun 21 08:38:05 com.apple.coreservices.useractivityd): Unknown key for Boolean: DrainMessagesAfterFailedInit
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc/Contents/MacOS/XPCTimeStampingService error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc/Contents/MacOS/com.apple.hiservices-xpcservice error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.SpeechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc, error = 1: Operation not permitted
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/XPCServices/com.apple.FCiCloudPrefUpdater.xpc/Contents/MacOS/com.apple.FCiCloudPrefUpdater error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/ToneLibrary.framework/Versions/A/XPCServices/com.apple.tonelibraryd.xpc/Contents/MacOS/com.apple.tonelibraryd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.imfoundation.IMRemoteURLConnectionAgent): Unknown key for integer: _DirtyJetsamMemoryLimit
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/AccountsDaemon.framework/XPCServices/DataclassOwnersManager.xpc/Contents/MacOS/DataclassOwnersManager error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/CloudServices.framework/Versions/A/XPCServices/com.apple.sbd.xpc/Contents/MacOS/com.apple.sbd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:05 com.apple.xpc.launchd.domain.pid.SecurityAgent.23284): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/Frameworks/CloudPhotosConfigurationXPC.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Jun 21 08:38:06 Santhosha-MacBook-Pro systemstats[74]: assertion failed: 17F77: systemstats + 914800 [D1E75C38-62CE-3D77-9ED3-5F6D38EF0676]: 0x40
jachstet-sea commented 6 years ago

I also added some more debugging output to rfb.js and it seems that some FBUs are transmitted:


First FBU latency: 616
FBU encoding:0
FBU geo:3360x2100+0x0
FBU handler ret: false
FBU handler ret: true
Timing of full FBU, curr: 10, total: 10, cnt: 1, avg: 10
full FBU round-trip, cur: 634, total: 634, cnt: 1, avg: 634
FBU handler ret: true
Timing of full FBU, curr: 12, total: 22, cnt: 2, avg: 11
FBU handler ret: true
Timing of full FBU, curr: 14, total: 36, cnt: 3, avg: 12
FBU handler ret: true
Timing of full FBU, curr: 15, total: 51, cnt: 4, avg: 12.75
>> WebSock.onclose```
jachstet-sea commented 6 years ago

As I said, the output by websockify is different every time. In most cases, it starts with \x88\x8f:


XX.XX.XX.XX - - [21/Jun/2018 08:37:17] XX.XX.XX.XX: Version hybi-13, base64: 'False'
XX.XX.XX.XX - - [21/Jun/2018 08:37:17] XX.XX.XX.XX: Path: '/websockify'
XX.XX.XX.XX - - [21/Jun/2018 08:37:17] connecting to: XX.XX.XX.XX:5900
XX.XX.XX.XX - - [21/Jun/2018 08:37:23] code 400, message Bad request syntax ('\x88\x8f')
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] XX.XX.XX.XX: Plain non-SSL (ws://) WebSocket connection
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] XX.XX.XX.XX: Version hybi-13, base64: 'False'
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] XX.XX.XX.XX: Path: '/websockify'
XX.XX.XX.XX - - [21/Jun/2018 08:37:58] connecting to: XX.XX.XX.XX:5900
XX.XX.XX.XX - - [21/Jun/2018 08:38:08] code 400, message Bad request version ('\\5\xfasZ=')```
CendioOssman commented 6 years ago

That garbage is unrelated and is because of a websockify bug. Please use the latest git revision of websockify for any further tests.

I'm not able to reproduce the issue here, so the question is what differs with your setup. Could you try a different browser and see if that is a factor?

samhed commented 6 years ago

Closing due to no response.

jachstet-sea commented 5 years ago

I don't know what actually fixed it but it is working in the latest git master as of today 🎉 . Great :D