[Kaboodle-devel] 25 Feb 2002 Status report

[Igor Kotelevsky]

Hello Scott.   > One trouble here: the display/port data field is greyed out when I'm > using Kaboodle to start up a VNC viewer. Some servers (which I do not have > control over) on my LAN may be running on 5901, display 2, or something > else. So I need access to this data field.   Ok. Now the user should be allowed to change it when is pleased.   >>Igor: >>If Kaboodle is used to startup the VNC server on PC1, Kaboodle really don't >>startup the VNC server at the own startup. Kaboodle listen TCP connection >>from other Kaboodle on PC2. When it occur, Kaboodle startup VNC server for >>loopback connection... >>I inspected different combinations of VNC server registry key WinVNC3 and it >>seems that only >>AllowLoopback=1 >>LoopbackOnly=0 >>is cool. >>But if there is not string -:+MyIpAddress in value AutoHosts, then other PCn >>machine can connect to VNC server on PC1. If we want "Allow ONLY Kaboodle >>users to connect to this machine" string -:+MyIpAddress is need. >>If Kaboodle on PC1 is not controlling the startup of the VNC, ... Kaboodle >>don't control VNC server on PC1 at all times.   >Scott. > If Kaboodle is controlling the startup of the VNC server, the >registry settings should be AllowLoopback=1 and LoopbackOnly=1. Also, if >Kaboodle is controlling the startup if the VNC server, then effectively, the >only users who can connect are *already* Kaboodle users. > This means the "Allow ONLY Kaboodle users to connect to this >machine" is only useful if the "Kaboodle is used to startup the VNC server" >button is *not* selected. Please set it up so that the choices are greyed >out accordingly. > If the user chooses the "Allow ONLY Kaboodle users to connect to >this machine" option, Kaboodle should put "-:+KaboodleIP1:KaboodleIP2..." >into the registry, for as many Kaboodle instances as there are on the LAN. >Every time a new Kaboodle machine is detected, the registry entry should be updated. > Finally, when the user chooses "Allow ONLY Kaboodle users to >connect to this machine" option, Kaboodle should prompt the user "Please >stop and restart your VNC server for this effect to take place". I'm >investigating now how Kaboodle can get the server to re-read the registry >settings without restarting.   I want to make clear the details of VNC-sessions under Kaboodle control.   -------PC1-----------------                                   ----------PC2------------------ I                                 I                                   I                                       I I                                 I                                   I                                       I I                                 I    ...........................    I                                       I I Kaboodle Vnc viewer I..... TCP socket        .....I Kaboodle control             I I                                 I    . (with encryption) .   I Vnc-session                   I I                                 I    . between              .  I                                      I I TCP socket between  I    . PC1 Kaboodle     .  I TCP socket between       I I PC1 Kaboodle           I    . and                    .  I PC2 Kaboodle                 I I and PC1 Vnc viewer  I    . PC2 Kaboodle     .  I and PC2 WinVnc server  I I                                 I    ...........................    I                                      I I                                 I                                   I                                      I I Vnc viewer on PC1   I                                    I WinVnc server on PC2   I I                                I                                    I                                      I I                                I                                    I                                      I ----------------------------                                    ---------------------------------   On PC2 Kaboodle user checks "Use Kaboodle to control the startup Vnc server". This means following. PC2 Kaboodle create TCP socket in listen mode (with encryption) on port number "Connect to partner Kaboodle on port" and listen...   On PC1 Kaboodle user open PropertyTab VNC setup for PC2 and click button "Connect". This means following. PC1 Kaboodle create TCP socket in viewer mode (with encryption) on port number "Connect to partner Kaboodle on port" and connect to PC2.   After this TCP connection (with encryption) it is stated, then... - PC1 Kaboodle startup Vnc viewer for own IP address, create TCP socket between PC1 Kaboodle and PC1 Vnc viewer, redirects all data between this sockets. - PC2 Kaboodle startup WinVnc server, create TCP socket between PC2 Kaboodle and PC2 WinVnc server, redirects all data between this sockets. In that description I has missed some detail: packing/unpacking data, encrypt/decrypt data and etc.   Now about your offers.   WinVNC3 server registry key about. I don't know all details how WinVNC3 works. But if Kaboodle set registry settings AllowLoopback=1 and LoopbackOnly=1 - successful VNC-sessions not will. It seems strange for me, but it is so. You can check it. Open file EF\ModifyRegWinVNC.cpp. There is function bool CModifyRegWinVNC::StoreAndSetWinVncKeyForKaboodle(). It have line bool bRes = reg.WriteAllowLoopback(1) && reg.WriteLoopbackOnly(0); If we change it bool bRes = reg.WriteAllowLoopback(1) && reg.WriteLoopbackOnly(1) - successful VNC-sessions not will... May be I have old version of WinVnc and above is WinVnc bug? (My version is "WinVNC Version 3.3.3 R9"). If it is so, please send me your version of VNC.   Next. >"Allow ONLY Kaboodle users to connect to this machine"... > PC2 Kaboodle put "-:+KaboodleIP1:KaboodleIP2..." in registry... Yes, it seems I understand you now and work on this.   >> >9. Remote VNC server password are  stored... >> >Status: implemented. > Great, glad it's encrypted. Are there any permissions set on it >though? I recall the registry can have "full control" and "read only" and >other things not often used.   Yes, user must have registry "full control" (updating possibility) for registry key HKEY_LOCAL_MACHINE\SOFTWARE\KABOODLE\...   > That's an interesting idea: saving the session cache of "VNC >running auto-detect for PCn machine" is very good. > Right now, though, at startup, no VNC server scan is happening. >So how about this: the current scan method uses N*100 threads because it >checks ports 5900-5999 on all devices simultaneously. Yet, in use, the >majority of people run their server on 5900 and never change  that. So when >doing a VNC-server scan, how about this: start N threads that try connect to >the N LAN machines on port-5900. M of them will be successful. After that, >check N-M machines on port-5901. P of those will be successful. Then check >N-M-P on port 5902, etc etc. This way the number of threads will get smaller >each time, and VNC servers running on 5900 will be "discovered" before the >devices not running anything are done being scanned. > If someone uses the "Check Again" button in the PropertyTab of >a specific device, though, we can go back to the 100 simultaneous threads.   This algorithm will reduce the number simultaneously executing flows, but will enlarge time of work when on many machines of LAN is absent WinVNC. Let's try.   - Igor