Bug 4321 - Shadow notification can be triggered by random TCP connects
Summary: Shadow notification can be triggered by random TCP connects
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Agent (show other bugs)
Version: 3.4.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.0.0
Assignee: Aaron Sowry
URL:
Keywords: ossman_tester
Depends on:
Blocks: 4341
  Show dependency treegraph
 
Reported: 2012-05-31 09:43 CEST by Aaron Sowry
Modified: 2012-11-28 12:31 CET (History)
0 users

See Also:
Acceptance Criteria:


Attachments

Description Aaron Sowry cendio 2012-05-31 09:43:55 CEST
See issue 13279, for example (this has been flagged a number of other times as well, though). If we can motivate the work somehow, then perhaps we should try to find a solution for this.
Comment 2 Pierre Ossman cendio 2012-06-05 10:36:30 CEST
Ideally we would like to improve the "vncconfig" protocol to get a better view of connected clients, but we probably do not have time for that now. A quick-and-dirty solution is logging something to xinit.log that our scripts can trigger on.
Comment 3 Aaron Sowry cendio 2012-06-27 11:21:35 CEST
At the risk of stating the obvious, the problem here is that we monitor for any and all connections to the Xvnc port, not just ThinLinc connections. Distinguishing between these two either requires some fairly fundamental changes, or a hackish workaround.
Comment 4 Aaron Sowry cendio 2012-06-27 14:11:19 CEST
See also bug #37.

Our Xvnc actually supports the QueryConnect flag, however it doesn't work as expected. After launching Xvnc with this flag and attempting to connect as the first client, the connection is closed with the message:

"Unable to query the local user to accept the connection."

One theory behind this is that the QueryConnect code is an artefact from the VNC server code, which expects there to be a local user available to acknowledge *all* connections. In our case, of course, there is no local user, so this is never going to work.

In WinVNC there is an additional flag, QueryOnlyIfLoggedOn. This *sounds* like what we want; i.e. only query if there is currently a user logged on already. However this flag doesn't seem to be available outside of WinVNC, and may not do what we want anyway.

Sounds like we are back to a quick and dirty solution - probably using tl-shadow-notify to parse xinit.log.
Comment 5 Aaron Sowry cendio 2012-06-28 14:43:58 CEST
We think we can do this by monitoring xinit.log for connects and disconnects. Will send time estimate to Hällsberg.
Comment 6 Aaron Sowry cendio 2012-08-07 10:21:59 CEST
Hällsberg wants us to do this. We will be using the technique mentioned in comment #5 above.
Comment 7 Aaron Sowry cendio 2012-08-23 14:19:48 CEST
Fixed in r25635/r25636.

We should really do this properly one day (bug #37), but this will do for now. Script has been changed to parse xinit.log for Xvnc connect/disconnect strings rather than using netstat. It has also been modified to not tell the user "You are no longer being shadowed!" when someone disconnects, as there may be multiple shadowers.

Tester should test handling of multiple shadowers. Closing.
Comment 8 Aaron Sowry cendio 2012-08-23 14:45:16 CEST
It seems that we're going to need a custom string to parse for, rather than something which is already being logged. Re-opening.
Comment 9 Aaron Sowry cendio 2012-08-23 16:22:03 CEST
(In reply to comment #8)
> It seems that we're going to need a custom string to parse for, rather than
> something which is already being logged. Re-opening.

Done in r25638.
Comment 10 Aaron Sowry cendio 2012-08-27 16:35:03 CEST
Tester should also check if there needs to be anything added to the documentation regarding the new functionality (handling of multiple shadowers).
Comment 11 Pierre Ossman cendio 2012-10-03 10:58:18 CEST
Works fine, even for multiple shadowers.

Tried telnet against the VNC port, and a full vncviewer. Neither triggered a false notification.

Documentation looks fine.

Note You need to log in before you can comment on or make changes to this bug.