Track active VNC sessions in status and address CodeRabbit findings

2026-05-19 15:19:55 +00:00 · 2026-05-16 17:06:19 +02:00
parent 9f0aa1ce26
commit 62cf9e873b
12 changed files with 708 additions and 471 deletions
--- a/client/vnc/server/capture_darwin.go
+++ b/client/vnc/server/capture_darwin.go
@@ -285,21 +285,25 @@ func (c *CGCapturer) Capture() (*image.RGBA, error) {
 	case bytesPerPixel == 4 && ds == 2:
 		convertBGRAToRGBADownscale2(img.Pix, img.Stride, src, bytesPerRow, outW, outH)
 	default:
-		convertBGRAToRGBAGeneric(img.Pix, img.Stride, src, bytesPerRow, outW, outH, bytesPerPixel, ds)
+		convertBGRAToRGBAGeneric(img.Pix, img.Stride, src, bytesPerRow, bgraDownscaleParams{outW: outW, outH: outH, bytesPerPixel: bytesPerPixel, ds: ds})
 	}

 	return img, nil
 }

+type bgraDownscaleParams struct {
+	outW, outH, bytesPerPixel, ds int
+}
+
 // convertBGRAToRGBAGeneric is the slow per-pixel fallback for non-4-bytes
 // or non-1/2 downscale formats. Always available regardless of the source
 // format quirks the fast paths optimize for.
-func convertBGRAToRGBAGeneric(dst []byte, dstStride int, src []byte, srcStride, outW, outH, bytesPerPixel, ds int) {
-	for row := 0; row < outH; row++ {
-		srcOff := row * ds * srcStride
+func convertBGRAToRGBAGeneric(dst []byte, dstStride int, src []byte, srcStride int, p bgraDownscaleParams) {
+	for row := 0; row < p.outH; row++ {
+		srcOff := row * p.ds * srcStride
 		dstOff := row * dstStride
-		for col := 0; col < outW; col++ {
-			si := srcOff + col*ds*bytesPerPixel
+		for col := 0; col < p.outW; col++ {
+			si := srcOff + col*p.ds*p.bytesPerPixel
 			di := dstOff + col*4
 			dst[di+0] = src[si+2]
 			dst[di+1] = src[si+1]
--- a/client/vnc/server/capture_windows.go
+++ b/client/vnc/server/capture_windows.go
@@ -321,7 +321,7 @@ func (c *DesktopCapturer) Width() int {
 	c.mu.Lock()
 	w := c.w
 	c.mu.Unlock()
-	if w == 0 {
+	if w == 0 && c.clients.Load() > 0 {
 		_, _ = c.Capture()
 		c.mu.Lock()
 		w = c.w
@@ -331,12 +331,13 @@ func (c *DesktopCapturer) Width() int {
 }

 // Height returns the current screen height, triggering a capture if the
-// worker hasn't initialised yet (see Width).
+// worker hasn't initialised yet (see Width). Returns 0 while no client is
+// connected so callers don't deadlock against a parked worker.
 func (c *DesktopCapturer) Height() int {
 	c.mu.Lock()
 	h := c.h
 	c.mu.Unlock()
-	if h == 0 {
+	if h == 0 && c.clients.Load() > 0 {
 		_, _ = c.Capture()
 		c.mu.Lock()
 		h = c.h
--- a/client/vnc/server/input_windows.go
+++ b/client/vnc/server/input_windows.go
@@ -35,9 +35,10 @@ const (

 	wheelDelta = 120

-	keyeventfKeyUp    = 0x0002
-	keyeventfUnicode  = 0x0004
-	keyeventfScanCode = 0x0008
+	keyeventfExtendedKey = 0x0001
+	keyeventfKeyUp       = 0x0002
+	keyeventfUnicode     = 0x0004
+	keyeventfScanCode    = 0x0008
 )

 // winlogonDesktopName is the name of the Windows secure desktop that hosts the
@@ -234,7 +235,7 @@ func (w *WindowsInputInjector) doInjectKey(keysym uint32, down bool) {
 		flags |= keyeventfKeyUp
 	}
 	if extended {
-		flags |= keyeventfScanCode
+		flags |= keyeventfExtendedKey
 	}
 	sendKeyInput(vk, 0, flags)
 }
--- a/client/vnc/server/rfb.go
+++ b/client/vnc/server/rfb.go
@@ -364,8 +364,8 @@ type rectCoalescer struct {
 	curY                       int
 }

-func newRectCoalescer(cap int) *rectCoalescer {
-	return &rectCoalescer{out: make([][4]int, 0, cap)}
+func newRectCoalescer(capacity int) *rectCoalescer {
+	return &rectCoalescer{out: make([][4]int, 0, capacity)}
 }

 // consume processes one rect from the (row-ordered) input.
--- a/client/vnc/server/server.go
+++ b/client/vnc/server/server.go
@@ -147,6 +147,18 @@ type Server struct {
 	authorizer   *sshauth.Authorizer
 	netstackNet  *netstack.Net
 	agentToken   []byte // raw token bytes for agent-mode auth
+
+	sessionsMu sync.Mutex
+	sessionSeq uint64
+	sessions   map[uint64]ActiveSessionInfo
+}
+
+// ActiveSessionInfo describes a currently connected VNC client.
+type ActiveSessionInfo struct {
+	RemoteAddress string
+	Mode          string
+	Username      string
+	JWTUsername   string
 }

 // vncSession provides capturer and injector for a virtual display session.
@@ -174,9 +186,36 @@ func New(capturer ScreenCapturer, injector InputInjector, password string) *Serv
 		password:   password,
 		authorizer: sshauth.NewAuthorizer(),
 		log:        log.WithField("component", "vnc-server"),
+		sessions:   make(map[uint64]ActiveSessionInfo),
 	}
 }

+// ActiveSessions returns a snapshot of currently connected VNC clients.
+func (s *Server) ActiveSessions() []ActiveSessionInfo {
+	s.sessionsMu.Lock()
+	defer s.sessionsMu.Unlock()
+	out := make([]ActiveSessionInfo, 0, len(s.sessions))
+	for _, info := range s.sessions {
+		out = append(out, info)
+	}
+	return out
+}
+
+func (s *Server) addSession(info ActiveSessionInfo) uint64 {
+	s.sessionsMu.Lock()
+	defer s.sessionsMu.Unlock()
+	s.sessionSeq++
+	id := s.sessionSeq
+	s.sessions[id] = info
+	return id
+}
+
+func (s *Server) removeSession(id uint64) {
+	s.sessionsMu.Lock()
+	defer s.sessionsMu.Unlock()
+	delete(s.sessions, id)
+}
+
 // SetServiceMode enables proxy-to-agent mode for Windows service operation.
 func (s *Server) SetServiceMode(enabled bool) {
 	s.serviceMode = enabled
@@ -408,7 +447,7 @@ func (s *Server) handleConnection(conn net.Conn) {
 		conn.Close()
 		return
 	}
-	connLog, ok := s.authorizeJWT(conn, header, connLog)
+	connLog, jwtUserID, ok := s.authorizeJWT(conn, header, connLog)
 	if !ok {
 		return
 	}
@@ -419,6 +458,14 @@ func (s *Server) handleConnection(conn net.Conn) {
 	}
 	defer sessionCleanup()

+	sessionID := s.addSession(ActiveSessionInfo{
+		RemoteAddress: conn.RemoteAddr().String(),
+		Mode:          modeString(header.mode),
+		Username:      header.username,
+		JWTUsername:   jwtUserID,
+	})
+	defer s.removeSession(sessionID)
+
 	if err := s.validateCapturer(capturer); err != nil {
 		rejectConnection(conn, codeMessage(RejectCodeCapturerError, fmt.Sprintf("screen capturer: %v", err)))
 		connLog.Warnf("capturer not ready: %v", err)
@@ -686,23 +733,24 @@ func (s *Server) verifyAgentToken(conn net.Conn, connLog *log.Entry) bool {
 }

 // authorizeJWT performs JWT validation when auth is enabled. Returns the
-// enriched log entry and ok=false if the connection was rejected.
-func (s *Server) authorizeJWT(conn net.Conn, header *connectionHeader, connLog *log.Entry) (*log.Entry, bool) {
+// enriched log entry, jwt user ID (empty when auth disabled), and ok=false
+// if the connection was rejected.
+func (s *Server) authorizeJWT(conn net.Conn, header *connectionHeader, connLog *log.Entry) (*log.Entry, string, bool) {
 	if s.disableAuth {
-		return connLog, true
+		return connLog, "", true
 	}
 	if s.jwtConfig == nil {
 		rejectConnection(conn, codeMessage(RejectCodeAuthConfig, "auth enabled but no identity provider configured"))
 		connLog.Warn("auth rejected: no identity provider configured")
-		return connLog, false
+		return connLog, "", false
 	}
 	jwtUserID, err := s.authenticateJWT(header)
 	if err != nil {
 		rejectConnection(conn, codeMessage(jwtErrorCode(err), err.Error()))
 		connLog.Warnf("auth rejected: %v", err)
-		return connLog, false
+		return connLog, "", false
 	}
-	return connLog.WithField("jwt_user", jwtUserID), true
+	return connLog.WithField("jwt_user", jwtUserID), jwtUserID, true
 }

 // acquireSessionResources returns the capturer/injector to use for this
@@ -752,3 +800,15 @@ func (s *Server) acquireAttachSession() ScreenCapturer {
 func attachSessionCleanup() {
 	// Attach mode keeps the shared capturer; nothing to release per session.
 }
+
+// modeString returns a human-readable session mode name.
+func modeString(m byte) string {
+	switch m {
+	case ModeAttach:
+		return "attach"
+	case ModeSession:
+		return "session"
+	default:
+		return "unknown"
+	}
+}