View previous topic :: View next topic |
Author |
Message |
baaann Guru
Joined: 23 Jan 2006 Posts: 558 Location: uk
|
Posted: Thu Dec 29, 2022 12:00 pm Post subject: KRDC vnc client not connecting to servers since this update |
|
|
I have an X2go server that we have used to connect to local windows desktops over vnc via krdc and this has worked consistently for years.
Since this weeks updates KRDC will no longer connect to any of the local desktops giving the message
"Authentication failed. Please try again"
This is either via Kwallet integration or manually entering the passwords.
Launched via Konsole the only extra feedback is "KRDC: rfbInitClient failed"
The X2go desktop in use is Lxqt, although I have tried it on an openbox session as well.
Google did not throw up any recent issues, but suggested libvncserver may be to blame and although I couldn't backtrack versions, upon resyncing there was an update available which I installed without making any difference to the connection problem
I have not changed any USE flags and cannot see any obvious system changes that could have impacted it. I have run out of ideas and if anyone has any suggestions they will be mos welcome? |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Thu Dec 29, 2022 12:20 pm Post subject: |
|
|
What is "this update"? Does your system accept arch or ~arch KEYWORDS? What version of krdc did you have previously installed, which one do you have now? Notice there are currently two versions available in Portage.
Notice there is already at least one report for a much older version of krdc upstream: https://bugs.kde.org/show_bug.cgi?id=454036 |
|
Back to top |
|
|
baaann Guru
Joined: 23 Jan 2006 Posts: 558 Location: uk
|
Posted: Thu Dec 29, 2022 3:41 pm Post subject: |
|
|
Thanks for the quick reply Asturm and yes I was remiss in my detail, apologies my gentoo has been pretty much on auto pilot in recent years
asturm wrote: | What is "this update"? |
26th December
emerge.log
asturm wrote: | Does your system accept arch or ~arch KEYWORDS? |
~arch, my emerge --info
Code: | Portage 3.0.42 (python 3.10.9-final-0, default/linux/amd64/17.1/desktop/plasma, gcc-12, glibc-2.36-r6, 5.9.10-gentoo x86_64)
=================================================================
System uname: Linux-5.9.10-gentoo-x86_64-Dual-Core_AMD_Opteron-tm-_Processor_2218_HE-with-glibc2.36
KiB Mem: 8162248 total, 2022204 free
KiB Swap: 8388604 total, 7816980 free
Timestamp of repository gentoo: Wed, 28 Dec 2022 17:15:01 +0000
Head commit of repository gentoo: 083826ff5c235cd313c4e4514e44c5ad963fae05
sh bash 5.2_p15
ld GNU ld (Gentoo 2.39 p5) 2.39.0
app-misc/pax-utils: 1.3.5::gentoo
app-shells/bash: 5.2_p15::gentoo
dev-lang/perl: 5.36.0-r1::gentoo
dev-lang/python: 3.10.9::gentoo, 3.11.1::gentoo
dev-lang/rust: 1.66.0::gentoo
dev-util/cmake: 3.25.1::gentoo
dev-util/meson: 1.0.0::gentoo
sys-apps/baselayout: 2.9::gentoo
sys-apps/openrc: 0.45.2-r2::gentoo
sys-apps/sandbox: 2.29::gentoo
sys-devel/autoconf: 2.13-r7::gentoo, 2.71-r5::gentoo
sys-devel/automake: 1.16.5::gentoo
sys-devel/binutils: 2.39-r4::gentoo
sys-devel/binutils-config: 5.4.1::gentoo
sys-devel/clang: 15.0.6::gentoo
sys-devel/gcc: 12.2.1_p20221224::gentoo
sys-devel/gcc-config: 2.8::gentoo
sys-devel/libtool: 2.4.7-r1::gentoo
sys-devel/lld: 15.0.6::gentoo
sys-devel/llvm: 15.0.6::gentoo
sys-devel/make: 4.4::gentoo
sys-kernel/linux-headers: 6.1::gentoo (virtual/os-headers)
sys-libs/glibc: 2.36-r6::gentoo
Repositories:
gentoo
location: /usr/portage
sync-type: rsync
sync-uri: rsync://rsync.uk.gentoo.org/gentoo-portage
priority: -1000
volatile: True
sync-rsync-verify-jobs: 1
sync-rsync-verify-metamanifest: yes
sync-rsync-verify-max-age: 24
sync-rsync-extra-opts:
myown
location: /usr/local/portage
masters: gentoo
volatile: True
Installed sets: @kde
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron-sse3 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=opteron-sse3 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://mirror.bytemark.co.uk/gentoo/ http://mirror.bytemark.co.uk/gentoo/ rsync://mirror.bytemark.co.uk/gentoo/ ftp://mirror.qubenet.net/mirror/gentoo/ http://mirror.qubenet.net/mirror/gentoo/ rsync://rsync.mirrorservice.org/www.ibiblio.org/gentoo/ http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/"
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
LINGUAS="en en_GB"
MAKEOPTS="-j5"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="3dnow 3dnowext X a52 aac acl acpi activities alsa amd64 bluetooth branding bzip2 cairo cdda cdr cli crypt cups dbus declarative dri dts dvd dvdr elogind encode exif flac fortran gdbm gif gpm gui iconv icu ipv6 jpeg kde kwallet lcms libglvnd libnotify libtirpc mad mmx mmxext mng mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf plasma png policykit postproc ppds qml qrcode qt5 readline samba sdl seccomp semantic-desktop sound spell split-usr sse sse2 ssl startup-notification svg test-rust thumbnail tiff truetype udev udisks unicode upower usb vorbis vpx widgets wxwidgets x264 xattr xcb xft xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="3dnow 3dnowext mmx mmxext sse sse2 sse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" L10N="en en-GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10" RUBY_TARGETS="ruby27" USERLAND="GNU" VIDEO_CARDS="nouveau" VOICEMAIL_STORAGE="file" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS |
asturm wrote: | What version of krdc did you have previously installed, which one do you have now? Notice there are currently two versions available in Portage. |
Code: | 1670765800: >>> emerge (124 of 140) kde-apps/krdc-22.12.0 to /
1670765800: === (124 of 140) Cleaning (kde-apps/krdc-22.12.0::/usr/portage/kde-apps/krdc/krdc-22.12.0.ebuild)
1670765800: === (124 of 140) Compiling/Merging (kde-apps/krdc-22.12.0::/usr/portage/kde-apps/krdc/krdc-22.12.0.ebuild)
1670765863: === (124 of 140) Merging (kde-apps/krdc-22.12.0::/usr/portage/kde-apps/krdc/krdc-22.12.0.ebuild)
1670765868: >>> AUTOCLEAN: kde-apps/krdc:5
1670765868: === Unmerging... (kde-apps/krdc-22.08.3)
1670765871: >>> unmerge success: kde-apps/krdc-22.08.3
1670765878: === (124 of 140) Post-Build Cleaning (kde-apps/krdc-22.12.0::/usr/portage/kde-apps/krdc/krdc-22.12.0.ebuild)
1670765878: ::: completed emerge (124 of 140) kde-apps/krdc-22.12.0 to / |
This was emerged 11/12/2022, working correctly until the 26/12/2022 update and therefore it would suggest the problem lies with the dependencies
Code: | eix krdc
[I] kde-apps/krdc
Available versions: (5) 22.08.3 (~)22.12.0
{activities debug +handbook +rdp +vnc}
Installed versions: 22.12.0(5)(13:37:41 11/12/22)(activities handbook vnc -debug -rdp)
Homepage: https://apps.kde.org/krdc/
Description: Remote desktop connection (RDP and VNC) client |
Yes it looks similar and the linked bug shows dimension errors which I was receiving on the command line prior to deselecting "Scale to size"
The 26th December update included a lot of rebuilds, of which QT and libvncserver were included, but I cannot remember which builds caused the rebuilds?[/url] |
|
Back to top |
|
|
giro83 n00b
Joined: 24 Aug 2019 Posts: 2
|
Posted: Sat Jan 14, 2023 2:00 am Post subject: |
|
|
Have you fixed your issue yet?
libvncserver is broken for me after a world update yesterday. I fixed my issue by compiling libvncserver with use flag gcrypt (Use dev-libs/libgcrypt as crypto backend). Can you try the same please?
My research so far (I haven't filed a bug yet because I haven't reached RCA yet):
Following a world update, my usual/unchanged vnc client could no longer connect to my x11vnc server on Gentoo. My /etc/x11vnc.pass file did not change throughout this update. The x11vnc log file reported:
14/01/2023 00:02:51 rfbProcessClientSecurityType: executing handler for type 2
14/01/2023 00:02:51 Couldn't read password file: /etc/x11vnc.pass
14/01/2023 00:02:51 rfbAuthProcessClientMessage: password check failed
14/01/2023 00:02:51 rfbClientSendString("password check failed!")
Please note these errors do not strictly mean the file couldn't be accessed, they can mean its contents could not be processed (see source code for libvncserver).
The first thing I noticed is that "x11vnc -storepasswd /etc/x11vnc.pass" no longer worked as intended. Although running the command returned no errors, the password saved in /etc/x11vnc.pass was *NOT* encrypted.
For convenience, here I will say encrypted, but I know the term encrypted is inaccurate (from `man x11vnc`: "...it is NOT encrypted, only obscured with a fixed key...").
Had a look at the source code: x11vnc.c calls store_homedir_passwd(), which calls rfbEncryptAndStorePasswd() in common/vncauth.c (in the lib), which calls encrypt_rfbdes() (again in the lib).
Now, encrypt_rfbdes() does encryption in-place, in the sense 'unsigned char encryptedPasswd[8];' is both used as 'in' and 'out' parameter to encrypt_rfbdes().
This explains my failure of ending up with a clear text password in /etc/x11vnc.pass. It doesn't explain though why the different functions fail to report an error to each other and, ultimately, to the user.
Now... encrypt_rfbdes() exists in many versions in different source files. My problem went away when I enabled use flag gcrypt (Use dev-libs/libgcrypt as crypto backend) for libvncserver.
I assume this will reproduce on my system if I revert the flag. I was short on time tonight, so I could not attach gdb to x11vnc to see where the failure is. The lack of error detection and reporting is concerning.
My versions are:
net-libs/libvncserver-0.9.14 (this is ~amd64)
x11-misc/x11vnc-0.9.16-r7
But I downgraded libvncserver to stable and the issue remained. |
|
Back to top |
|
|
baaann Guru
Joined: 23 Jan 2006 Posts: 558 Location: uk
|
Posted: Wed Feb 08, 2023 12:55 pm Post subject: |
|
|
Sorry for the late response.
I eventually tried removing the passwords from the windows vnc clients and that allowed connection, so I had established that it was a password issue on the server. Unfortunately life got busy and I didn't get back to the issue until now.
As suggested, I have recompiled libvncserver with the USE="gcrypt" and passwords are again accepted, so many thanks for your post |
|
Back to top |
|
|
baaann Guru
Joined: 23 Jan 2006 Posts: 558 Location: uk
|
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Wed Feb 08, 2023 8:35 pm Post subject: |
|
|
giro83 wrote: | The first thing I noticed is that "x11vnc -storepasswd /etc/x11vnc.pass" no longer worked as intended. Although running the command returned no errors, the password saved in /etc/x11vnc.pass was *NOT* encrypted.
For convenience, here I will say encrypted, but I know the term encrypted is inaccurate (from `man x11vnc`: "...it is NOT encrypted, only obscured with a fixed key...").
Had a look at the source code: x11vnc.c calls store_homedir_passwd(), which calls rfbEncryptAndStorePasswd() in common/vncauth.c (in the lib), which calls encrypt_rfbdes() (again in the lib).
Now, encrypt_rfbdes() does encryption in-place, in the sense 'unsigned char encryptedPasswd[8];' is both used as 'in' and 'out' parameter to encrypt_rfbdes().
This explains my failure of ending up with a clear text password in /etc/x11vnc.pass. It doesn't explain though why the different functions fail to report an error to each other and, ultimately, to the user.
Now... encrypt_rfbdes() exists in many versions in different source files. My problem went away when I enabled use flag gcrypt (Use dev-libs/libgcrypt as crypto backend) for libvncserver.
I assume this will reproduce on my system if I revert the flag. I was short on time tonight, so I could not attach gdb to x11vnc to see where the failure is. The lack of error detection and reporting is concerning.
My versions are:
net-libs/libvncserver-0.9.14 (this is ~amd64)
x11-misc/x11vnc-0.9.16-r7
But I downgraded libvncserver to stable and the issue remained. |
@baaann, the above is talking about x11vnc - the server side. It is unclear to me how krdc (client side) would fix things for x11vnc, it is the latter that must declare a usedep on libvncserver[gcrypt]. |
|
Back to top |
|
|
baaann Guru
Joined: 23 Jan 2006 Posts: 558 Location: uk
|
Posted: Thu Feb 09, 2023 9:11 am Post subject: |
|
|
asturm wrote: |
@baaann, the above is talking about x11vnc - the server side. It is unclear to me how krdc (client side) would fix things for x11vnc, it is the latter that must declare a usedep on libvncserver[gcrypt]. |
It is not fixing things for x11vnc, for my use case I am connecting to windows vnc servers. In addition to giro83's example, I found 2 old related KRDC bugs that pointed to their problem being libvncserver
https://bugs.kde.org/show_bug.cgi?id=369545
https://bugs.kde.org/show_bug.cgi?id=383870
KRDC depends on libvncserver for VNC support which is activated by the vnc USE flag and this is confusing at first sight, but the libvncserver package appears to include both libvncserver & libvncclient
https://github.com/LibVNC/libvncserver/releases
Presumably KRDC uses the libvncclient component?
Since rebuilding libvncserver with gcrypt I have only tried connecting to one password protected server and that connected, whereas it did not before. |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Thu Feb 09, 2023 11:47 am Post subject: |
|
|
Yes, that part is clear:
Code: | libkrdc_vncplugin.so => /usr/lib64/qt5/plugins/krdc/libkrdc_vncplugin.so (interpreter => none)
...
libvncclient.so.1 => /usr/lib64/libvncclient.so.1 |
What wasn't without your above confirmation was that indeed also the client part had gained that requirement, or that libvnc(server|client) has been extending the use of gcrypt (it was optional and default disabled for a very long time in Gentoo). |
|
Back to top |
|
|
baaann Guru
Joined: 23 Jan 2006 Posts: 558 Location: uk
|
Posted: Thu Feb 09, 2023 12:35 pm Post subject: |
|
|
asturm wrote: | Yes, that part is clear:
Code: | libkrdc_vncplugin.so => /usr/lib64/qt5/plugins/krdc/libkrdc_vncplugin.so (interpreter => none)
...
libvncclient.so.1 => /usr/lib64/libvncclient.so.1 |
What wasn't without your above confirmation was that indeed also the client part had gained that requirement, or that libvnc(server|client) has been extending the use of gcrypt (it was optional and default disabled for a very long time in Gentoo). |
Ah, my apologies, I had thought the first line of my opening post had explained that the pre Christmas KRDC arrangement had worked flawlessly and ceased to afterwards, but in hindsight I could have been more precise.
Many thanks for your patience and for taking the time |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sat Feb 18, 2023 2:46 pm Post subject: |
|
|
Please check back in the bug you filed. |
|
Back to top |
|
|
deezel n00b
Joined: 20 Feb 2023 Posts: 1
|
Posted: Mon Feb 20, 2023 1:36 pm Post subject: |
|
|
giro83 wrote: |
libvncserver is broken for me after a world update yesterday. I fixed my issue by compiling libvncserver with use flag gcrypt (Use dev-libs/libgcrypt as crypto backend). Can you try the same please?
|
Whew, thought I was alone with this. Didn't notice it when it happened so was unsure what and when it started. As I use x11vnc I didn't find anything at all when searching back in early January.
Ended up going ssh with port forwarding again, but only allowing localhost connections.
Checking back again on the issue, now I found this thread, so thanks for the fix, sorts it for me as well. |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|