option to disable vencrypt

2025-12-12 01:00:29 +08:00 · 2022-07-20 16:32:38 +03:00 · 2022-07-20 16:32:38 +03:00 · 7cbe4ec2e3
commit 7cbe4ec2e3
parent c58cc99582
4 changed files with 16 additions and 6 deletions
--- a/kvmd/apps/init.py
+++ b/kvmd/apps/init.py
@ -698,6 +698,9 @@ def _get_config_scheme() -> Dict:
                    "enabled": Option(False, type=valid_bool),
                    "file":    Option("/etc/kvmd/vncpasswd", type=valid_abs_file, unpack_as="path"),
                },
+                "vencrypt": {
+                    "enabled": Option(True, type=valid_bool, unpack_as="vencrypt_enabled"),
+                },
            },
        },

--- a/kvmd/apps/vnc/init.py
+++ b/kvmd/apps/vnc/init.py
@ -79,4 +79,5 @@ def main(argv: Optional[List[str]]=None) -> None:
        vnc_auth_manager=VncAuthManager(**config.auth.vncauth._unpack()),

        **config.server.keepalive._unpack(),
+        **config.auth.vencrypt._unpack(),
    ).run()
--- a/kvmd/apps/vnc/rfb/init.py
+++ b/kvmd/apps/vnc/rfb/init.py
@ -67,6 +67,7 @@ class RfbClient(RfbClientStream):  # pylint: disable=too-many-instance-attribute
        height: int,
        name: str,
        vnc_passwds: List[str],
+        vencrypt: bool,
        none_auth_only: bool,
    ) -> None:

@ -81,6 +82,7 @@ class RfbClient(RfbClientStream):  # pylint: disable=too-many-instance-attribute
        self._height = height
        self.__name = name
        self.__vnc_passwds = vnc_passwds
+        self.__vencrypt = vencrypt
        self.__none_auth_only = none_auth_only

        self.__rfb_version = 0
@ -229,7 +231,7 @@ class RfbClient(RfbClientStream):  # pylint: disable=too-many-instance-attribute

    async def __handshake_security(self) -> None:
        sec_types: Dict[int, Tuple[str, Callable]] = {}
-        if self.__rfb_version > 3:
+        if self.__vencrypt and self.__rfb_version > 3:
            sec_types[19] = ("VeNCrypt", self.__handshake_security_vencrypt)
        if self.__none_auth_only:
            sec_types[1] = ("None", self.__handshake_security_none)
@ -276,10 +278,9 @@ class RfbClient(RfbClientStream):  # pylint: disable=too-many-instance-attribute
                    auth_types[262] = ("VeNCrypt/X509Plain", 2, self.__handshake_security_vencrypt_userpass)
                auth_types[259] = ("VeNCrypt/TLSPlain", 1, self.__handshake_security_vencrypt_userpass)
            if self.__vnc_passwds:
-                # Vinagre не умеет работать с VNC Auth через VeNCrypt, но это его проблемы,
-                # так как он своеобразно трактует рекомендации VeNCrypt.
-                # Подробнее: https://bugzilla.redhat.com/show_bug.cgi?id=692048
-                # Hint: используйте любой другой нормальный VNC-клиент.
+                # Некоторые клиенты не умеют работать с нешифрованными соединениями внутри VeNCrypt:
+                #   - https://github.com/LibVNC/libvncserver/issues/458
+                #   - https://bugzilla.redhat.com/show_bug.cgi?id=692048
                auth_types[2] = ("VeNCrypt/VNCAuth", 0, self.__handshake_security_vnc_auth)
                if self.__tls_ciphers:
                    if self.__x509_cert_path:
--- a/kvmd/apps/vnc/server.py
+++ b/kvmd/apps/vnc/server.py
@ -72,7 +72,7 @@ class _SharedParams:


 class _Client(RfbClient):  # pylint: disable=too-many-instance-attributes
-    def __init__(  # pylint: disable=too-many-arguments
+    def __init__(  # pylint: disable=too-many-arguments,too-many-locals
        self,
        reader: asyncio.StreamReader,
        writer: asyncio.StreamWriter,
@ -89,6 +89,7 @@ class _Client(RfbClient):  # pylint: disable=too-many-instance-attributes
        streamers: List[BaseStreamerClient],

        vnc_credentials: Dict[str, VncAuthKvmdCredentials],
+        vencrypt: bool,
        none_auth_only: bool,
        shared_params: _SharedParams,
    ) -> None:
@ -103,6 +104,7 @@ class _Client(RfbClient):  # pylint: disable=too-many-instance-attributes
            x509_cert_path=x509_cert_path,
            x509_key_path=x509_key_path,
            vnc_passwds=list(vnc_credentials),
+            vencrypt=vencrypt,
            none_auth_only=none_auth_only,
            **dataclasses.asdict(shared_params),
        )
@ -423,6 +425,8 @@ class VncServer:  # pylint: disable=too-many-instance-attributes
        x509_cert_path: str,
        x509_key_path: str,

+        vencrypt_enabled: bool,
+
        desired_fps: int,
        keymap_path: str,

@ -481,6 +485,7 @@ class VncServer:  # pylint: disable=too-many-instance-attributes
                    streamers=streamers,
                    vnc_credentials=(await self.__vnc_auth_manager.read_credentials())[0],
                    none_auth_only=none_auth_only,
+                    vencrypt=vencrypt_enabled,
                    shared_params=shared_params,
                ).run()
            except Exception: