Merge branch 'feature/vnc_without_tls' into 'main'

vnc: Disable TLS encryption if server cert and key are not set See merge request wayland/weston!1555
doc: Tie Sphinx -W to Werror configuration
2024-06-29 06:15:29 +00:00 · 2024-06-26 06:13:41 +00:00 · 2024-06-25 17:45:37 +00:00 · 2024-06-21 09:56:18 +02:00 · 2024-06-21 09:56:18 +02:00 · 2024-06-21 09:56:18 +02:00
4 changed files with 47 additions and 34 deletions
--- a/doc/sphinx/meson.build
+++ b/doc/sphinx/meson.build
@ -55,6 +55,7 @@ script_data.set('DOCTREES_DIR', meson.current_build_dir() + '/doctrees')

 script_data.set('DOXYGEN_CONF', meson.current_build_dir() + '/doxygen.ini')
 script_data.set('DOXYGEN_CMD', doxygen.full_path())
+script_data.set('MESON_WERROR', get_option('werror') == true ? 'YES' : 'NO')
 script_data.set('SPHINX_CMD', sphinx.full_path())
 script_doxy_sphinx = configure_file(
 	input: 'run_doxygen_sphinx.sh.in',
--- a/doc/sphinx/run_doxygen_sphinx.sh.in
+++ b/doc/sphinx/run_doxygen_sphinx.sh.in
@ -1,2 +1,9 @@
 #!/bin/sh
-@DOXYGEN_CMD@ @DOXYGEN_CONF@ && @SPHINX_CMD@ -E -W -q -j auto -d @DOCTREES_DIR@ @SRCDIR@ @OUTDIR@
+
+if [ "@MESON_WERROR@" = "YES" ]; then
+	SPHINX_WERROR="-W"
+else
+	SPHINX_WERROR=""
+fi
+
+@DOXYGEN_CMD@ @DOXYGEN_CONF@ && @SPHINX_CMD@ $SPHINX_WERROR -E -q -j auto -d @DOCTREES_DIR@ @SRCDIR@ @OUTDIR@
--- a/libweston/backend-vnc/vnc.c
+++ b/libweston/backend-vnc/vnc.c
@ -1235,40 +1235,44 @@ vnc_backend_create(struct weston_compositor *compositor,
 	nvnc_set_userdata(backend->server, backend, NULL);
 	nvnc_set_name(backend->server, "Weston VNC backend");

-	if (!nvnc_has_auth()) {
-		weston_log("Neat VNC built without TLS support\n");
-		goto err_output;
-	}
-	if (!config->server_cert && !config->server_key) {
-		weston_log("The VNC backend requires a key and a certificate for TLS security"
-			   " (--vnc-tls-cert/--vnc-tls-key)\n");
-		goto err_output;
-	}
-	if (!config->server_cert) {
-		weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
-		goto err_output;
-	}
-	if (!config->server_key) {
-		weston_log("Missing TLS key (--vnc-tls-key)\n");
-		goto err_output;
-	}
+	if (config->server_cert || config->server_key) {
+		if (!nvnc_has_auth()) {
+			weston_log("Neat VNC built without TLS support\n");
+			goto err_output;
+		}
+		if (!config->server_cert) {
+			weston_log("Missing TLS certificate (--vnc-tls-cert)\n");
+			goto err_output;
+		}
+		if (!config->server_key) {
+			weston_log("Missing TLS key (--vnc-tls-key)\n");
+			goto err_output;
+		}

-	ret = nvnc_set_tls_creds(backend->server, config->server_key,
-				 config->server_cert);
-	if (ret) {
-		weston_log("Failed set TLS credentials\n");
-		goto err_output;
-	}
+		ret = nvnc_set_tls_creds(backend->server, config->server_key,
+					 config->server_cert);
+		if (ret) {
+			weston_log("Failed set TLS credentials\n");
+			goto err_output;
+		}

-	ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
-			       NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
-			       NULL);
-	if (ret) {
-		weston_log("Failed to enable TLS support\n");
-		goto err_output;
-	}
+		ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH |
+				       NVNC_AUTH_REQUIRE_ENCRYPTION, vnc_handle_auth,
+				       NULL);
+		if (ret) {
+			weston_log("Failed to enable TLS support\n");
+			goto err_output;
+		}

-	weston_log("TLS support activated\n");
+		weston_log("TLS support activated\n");
+	} else {
+		ret = nvnc_enable_auth(backend->server, NVNC_AUTH_REQUIRE_AUTH,
+				       vnc_handle_auth, NULL);
+		if (ret) {
+			weston_log("Failed to enable authentication\n");
+			goto err_output;
+		}
+	}

 	ret = weston_plugin_api_register(compositor, WESTON_VNC_OUTPUT_API_NAME,
 					 &api, sizeof(api));
--- a/man/weston-vnc.man
+++ b/man/weston-vnc.man
@ -36,11 +36,12 @@ reduce network traffic.
 .TP
 \fBtls\-key\fR=\fIfile\fR
 The file containing the key for doing TLS security. To have TLS security you also need
-to ship a file containing a certificate.
+to ship a file containing a certificate. If not specified, VNC will be enabled with password-only
+authentication.
 .TP
 \fBtls\-cert\fR=\fIfile\fR
 The file containing the certificate for doing TLS security. To have TLS security you also need
-to ship a key file.
+to ship a key file. If not specified, VNC will be enabled with password-only authentication.

 .SS Section output
 .TP
Author	SHA1	Message	Date
Lukasz Czechowski	f7a332e67f	Merge branch 'feature/vnc_without_tls' into 'main' vnc: Disable TLS encryption if server cert and key are not set See merge request wayland/weston!1555	2024-06-26 06:13:41 +00:00
Daniel Stone	de669aeb60	doc: Tie Sphinx -W to Werror configuration Only pass -W (warnings are fatal) to Sphinx if we've set Werror in Meson. Signed-off-by: Daniel Stone <daniels@collabora.com> Closes: wayland/weston#917	2024-06-25 17:45:37 +00:00
Lukasz Czechowski	2241df2257	man: Update documentation of tls-cert and tls-key in weston-vnc Document the possibility to enable VNC backend with password-only authentication. Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>	2024-06-21 09:56:18 +02:00
Lukasz Czechowski	5c3f2465ca	vnc: Enable password authentication in non-TLS mode If VNC is enabled without specifying server certificate and key, TLS won't be actiaved. Use regular passsword authentication instead. Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>	2024-06-21 09:56:18 +02:00
Lukasz Czechowski	a165cb9143	vnc: Disable TLS encryption if server cert and key are not set Some VNC clients, i.e. noVNC, do not support TLS authentication method. Do not activate TLS if no server certificate and key are provided. This will allow to extend VNC clients compatibility. Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>	2024-06-21 09:56:18 +02:00