From 7a873d6f83ce3d0fdd846d436221c38d2ff98c83 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 5 Mar 2021 15:52:12 +0100
Subject: [remoteaccess] Allow changing client-side VNC port

References #3823
---
 modules-available/remoteaccess/api.inc.php         | 12 +++++++----
 .../remoteaccess/inc/remoteaccess.inc.php          |  2 ++
 modules-available/remoteaccess/install.inc.php     | 10 +++++++++
 .../remoteaccess/lang/de/template-tags.json        |  4 +++-
 .../remoteaccess/lang/en/template-tags.json        |  6 ++++--
 modules-available/remoteaccess/page.inc.php        |  2 ++
 .../remoteaccess/templates/edit-settings.html      | 24 +++++++++++++++-------
 7 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/modules-available/remoteaccess/api.inc.php b/modules-available/remoteaccess/api.inc.php
index 2e1e4bf9..4ce733b3 100644
--- a/modules-available/remoteaccess/api.inc.php
+++ b/modules-available/remoteaccess/api.inc.php
@@ -7,9 +7,12 @@ $password = Request::post('password', false, 'string');
 if ($password !== false) {
 	$c = Database::queryFirst("SELECT machineuuid FROM machine WHERE clientip = :ip", ['ip' => $ip]);
 	if ($c !== false) {
-		Database::exec("INSERT INTO remoteaccess_machine (machineuuid, password)
-				VALUES (:uuid, :passwd)
-				ON DUPLICATE KEY UPDATE password = VALUES(password)", ['uuid' => $c['machineuuid'], 'passwd' => $password]);
+		$vncport = Request::post('vncport', 5900, 'int');
+		Database::exec("INSERT INTO remoteaccess_machine (machineuuid, password, vncport)
+				VALUES (:uuid, :passwd, :vncport)
+				ON DUPLICATE KEY UPDATE
+					password = VALUES(password), vncport = VALUES(vncport)",
+			['uuid' => $c['machineuuid'], 'passwd' => $password, 'vncport' => $vncport]);
 	}
 	exit;
 }
@@ -35,7 +38,7 @@ if (empty($remoteLocations)) {
 } else {
 // TODO fail-counter for WOL, so we can ignore machines that apparently can't be woken up
 // -> Reset counter in our ~poweron hook, but only if the time roughly matches a WOL attempt (within ~5 minutes)
-	$rows = Database::queryAll("SELECT m.clientip, m.locationid, m.state, ram.password, ram.woltime FROM machine m
+	$rows = Database::queryAll("SELECT m.clientip, m.locationid, m.state, ram.password, ram.vncport, ram.woltime FROM machine m
 	LEFT JOIN remoteaccess_machine ram ON (ram.machineuuid = m.machineuuid AND (ram.password IS NOT NULL OR m.state <> 'IDLE'))
 	LEFT JOIN runmode r ON (r.machineuuid = m.machineuuid)
 	WHERE m.locationid IN (:locs)
@@ -48,6 +51,7 @@ if (empty($remoteLocations)) {
 			$row['wol_in_progress'] = true;
 		}
 		settype($row['locationid'], 'int');
+		settype($row['vncport'], 'int');
 		unset($row['woltime']);
 	}
 }
diff --git a/modules-available/remoteaccess/inc/remoteaccess.inc.php b/modules-available/remoteaccess/inc/remoteaccess.inc.php
index 37d33d45..3ec1695e 100644
--- a/modules-available/remoteaccess/inc/remoteaccess.inc.php
+++ b/modules-available/remoteaccess/inc/remoteaccess.inc.php
@@ -7,6 +7,8 @@ class RemoteAccess
 
 	const PROP_TRY_VIRT_HANDOVER = 'remoteaccess.virthandover';
 
+	const PROP_VNC_PORT = 'remoteaccess.vncport';
+
 	public static function getEnabledLocations($group = 0)
 	{
 		if ($group === 0) {
diff --git a/modules-available/remoteaccess/install.inc.php b/modules-available/remoteaccess/install.inc.php
index 11656218..2e248282 100644
--- a/modules-available/remoteaccess/install.inc.php
+++ b/modules-available/remoteaccess/install.inc.php
@@ -21,6 +21,7 @@ $dbret[] = tableCreate('remoteaccess_machine', "
 	`machineuuid` char(36) CHARACTER SET ascii NOT NULL,
 	`password` char(8) CHARACTER SET ascii NULL DEFAULT NULL,
 	`woltime` int(10) UNSIGNED NOT NULL DEFAULT '0',
+	`vncport` smallint(5) UNSIGNED NOT NULL DEFAULT '5900',
 	PRIMARY KEY (`machineuuid`)
 ");
 
@@ -57,4 +58,13 @@ if (tableExists('remoteaccess_location')
 	Database::exec("DROP TABLE remoteaccess_location");
 }
 
+// 2021-03-05: Add vncport column to machine table
+if (!tableHasColumn('remoteaccess_machine', 'vncport')) {
+	$ret = Database::exec("ALTER TABLE remoteaccess_machine ADD COLUMN `vncport` smallint(5) UNSIGNED NOT NULL DEFAULT '5900'");
+	if ($ret === false) {
+		finalResponse(UPDATE_FAILED, Database::lastError());
+	}
+	$dbret[] = UPDATE_DONE;
+}
+
 responseFromArray($dbret);
diff --git a/modules-available/remoteaccess/lang/de/template-tags.json b/modules-available/remoteaccess/lang/de/template-tags.json
index a5d9ef07..724d5cf0 100644
--- a/modules-available/remoteaccess/lang/de/template-tags.json
+++ b/modules-available/remoteaccess/lang/de/template-tags.json
@@ -3,6 +3,7 @@
     "lang_allowAccessText": "IP-Adresse oder Netz in CIDR Notation, welches auf den VNC-Port des Clients zugreifen darf. (I.d.R. nur der Guacamole-Server)",
     "lang_allowedAccessToVncPort": "Erlaubte Quelle f\u00fcr VNC-Zugriff",
     "lang_assignLocations": "R\u00e4ume zuweisen",
+    "lang_clientVncPort": "VNC Port (Client)",
     "lang_general": "Allgemein",
     "lang_group": "Gruppe",
     "lang_groupListText": "Liste verf\u00fcgbarer Gruppen (\"virtuelle R\u00e4ume\")",
@@ -13,5 +14,6 @@
     "lang_reallyDelete": "Wirklich l\u00f6schen?",
     "lang_remoteAccessSettings": "Einstellungen f\u00fcr den Fernzugriff",
     "lang_tryVirtualizerHandover": "Versuche, VNC-Server des Virtualisierers zu verwenden",
-    "lang_tryVirtualizerText": "Wenn aktiviert wird versucht, nach dem Start einer VM die Verbindung auf den VNC-Server des Virtualisierers umzubuchen. Zumindest f\u00fcr VMware haben wir hier allerdings eher eine Verschlechterung der Performance beobachten k\u00f6nnen; au\u00dferdem bricht die Verbindung beim Handover manchmal ab -> Nur experimentell!"
+    "lang_tryVirtualizerText": "Wenn aktiviert wird versucht, nach dem Start einer VM die Verbindung auf den VNC-Server des Virtualisierers umzubuchen. Zumindest f\u00fcr VMware haben wir hier allerdings eher eine Verschlechterung der Performance beobachten k\u00f6nnen; au\u00dferdem bricht die Verbindung beim Handover manchmal ab -> Nur experimentell!",
+    "lang_vncPortText": "Port, auf dem die Clients auf VNC-Verbindungen warten. Bei Verwendung eines Ports ungleich 5900 bitte sicherstellen, dass das aktuelle Guacamole-Plugin verwendet wird."
 }
\ No newline at end of file
diff --git a/modules-available/remoteaccess/lang/en/template-tags.json b/modules-available/remoteaccess/lang/en/template-tags.json
index 85577438..b817fc52 100644
--- a/modules-available/remoteaccess/lang/en/template-tags.json
+++ b/modules-available/remoteaccess/lang/en/template-tags.json
@@ -3,6 +3,7 @@
     "lang_allowAccessText": "IP address (or net in CIDR notation) which is allowed to access the VNC port of the clients (usually only the guacamole proxy-server)",
     "lang_allowedAccessToVncPort": "Allowed source for VNC-access",
     "lang_assignLocations": "Assing locations",
+    "lang_clientVncPort": "VNC port (client)",
     "lang_general": "General",
     "lang_group": "Group",
     "lang_groupListText": "Available groups (\"virtual locations\")",
@@ -12,6 +13,7 @@
     "lang_numLocs": "Locations",
     "lang_reallyDelete": "Delete?",
     "lang_remoteAccessSettings": "Settings for remoteaccess",
-    "lang_tryVirtualizerHandover": "Try to use VNC-server of the virtual hypervisor",
-    "lang_tryVirtualizerText": "If activated the system tries to change the remote VNC-connection to the internal VNC-server of the hypervisor after VM start.\r\nAt least in the case of VMware it seems to reduce performance and sometimes the connection during handover is lost.\r\n-> Only experimental!"
+    "lang_tryVirtualizerHandover": "Try to use VNC-server of the hypervisor",
+    "lang_tryVirtualizerText": "If activated the system tries to change the remote VNC-connection to the internal VNC-server of the hypervisor after VM start.\r\nAt least in the case of VMware it seems to reduce performance and sometimes the connection during handover is lost.\r\n-> Just experimental!",
+    "lang_vncPortText": "Port on which clients will wait for VNC connections. Please make sure you're running the latest version of the Guacamole plugin when changing this to something other than 5900."
 }
\ No newline at end of file
diff --git a/modules-available/remoteaccess/page.inc.php b/modules-available/remoteaccess/page.inc.php
index 68781ffa..6ed211ec 100644
--- a/modules-available/remoteaccess/page.inc.php
+++ b/modules-available/remoteaccess/page.inc.php
@@ -40,6 +40,7 @@ class Page_RemoteAccess extends Page
 			User::assertPermission('set-proxy-ip');
 			Property::set(RemoteAccess::PROP_ALLOWED_VNC_NET, Request::post('allowed-source', '', 'string'));
 			Property::set(RemoteAccess::PROP_TRY_VIRT_HANDOVER, Request::post('virt-handover', false, 'int'));
+			Property::set(RemoteAccess::PROP_VNC_PORT, Request::post('vncport', 5900, 'int'));
 			Message::addSuccess('settings-saved');
 		} elseif ($action === 'delete-group') {
 			User::assertPermission('group.edit');
@@ -98,6 +99,7 @@ class Page_RemoteAccess extends Page
 			$data = [
 				'allowed-source' => Property::get(RemoteAccess::PROP_ALLOWED_VNC_NET),
 				'virt-handover_checked' => Property::get(RemoteAccess::PROP_TRY_VIRT_HANDOVER) ? 'checked' : '',
+				'vncport' => Property::get(RemoteAccess::PROP_VNC_PORT, 5900),
 				'groups' => $groups,
 			];
 			Permission::addGlobalTags($data['perms'], null, ['group.locations', 'group.add', 'group.edit', 'set-proxy-ip']);
diff --git a/modules-available/remoteaccess/templates/edit-settings.html b/modules-available/remoteaccess/templates/edit-settings.html
index 3c890b91..8f057232 100644
--- a/modules-available/remoteaccess/templates/edit-settings.html
+++ b/modules-available/remoteaccess/templates/edit-settings.html
@@ -4,13 +4,23 @@
 
 <form method="post" action="?do=remoteaccess">
 	<input type="hidden" name="token" value="{{token}}">
-	<div class="form-group">
-		<label>
-			{{lang_allowedAccessToVncPort}}
-			<input type="text" class="form-control" name="allowed-source" value="{{allowed-source}}"
-					 required {{perms.set-proxy-ip.disabled}}>
-		</label>
-		<p>{{lang_allowAccessText}}</p>
+	<div class="row">
+		<div class="form-group col-md-6">
+			<label>
+				{{lang_allowedAccessToVncPort}}
+				<input type="text" class="form-control" name="allowed-source" value="{{allowed-source}}"
+						 required {{perms.set-proxy-ip.disabled}}>
+			</label>
+			<p>{{lang_allowAccessText}}</p>
+		</div>
+		<div class="form-group col-md-6">
+			<label>
+				{{lang_clientVncPort}}
+				<input type="number" class="form-control" name="vncport" value="{{vncport}}" min="1025" max="65535"
+						 required {{perms.set-proxy-ip.disabled}}>
+			</label>
+			<p>{{lang_vncPortText}}</p>
+		</div>
 	</div>
 	<div class="form-group">
 		<div class="checkbox">
-- 
cgit v1.2.3-55-g7522