[Local check] Detect if vnc and teamviewer process(es) have incoming connections #202
Description
Sorry for the delay. Kinda as suspected, neither xvnc nor TeamViewer sessions will show any sign of a remote connection. They pretty much just capture the screen and inject keyboard/mouse events, simulating a local user. On the other hand I think it exposed an error in a script somewhere:
[src/local.c:344] Trying to get tty by loginctl
sh: 1: Syntax error: "(" unexpected
As far as TeamViewer and VNC go, there doesn't seem to be any way to detect an active incoming TeamViewer or VNC connection short of checking active. ss -tnp for example will show a line users:(("TeamViewer_Desk",pid=406339,fd=14)) when there is an active incoming connection.
Full output from Konsole via an established TeamViewer console (looks the same on xvnc):
username@testvm:~$ pamusb-check --debug username
* Authentication request for user "username" (pamusb-check)
[src/local.c:227] Checking whether the caller (pamusb-check) is local or not...
[src/local.c:238] Checking pid 405205 (pamusb-check)...
[src/local.c:238] Checking pid 405177 (/bin/bash)...
[src/local.c:238] Checking pid 405156 (konsole)...
[src/local.c:238] Checking pid 1555 (/lib/systemd/systemd)...
[src/local.c:238] Checking pid 1 (/sbin/init)...
[src/local.c:296] Using DISPLAY :0 for utmp search
[src/local.c:050] No utmp entry found for tty ":0"
[src/local.c:312] Trying to get tty from display server
[src/local.c:322] Failed, no result while trying to get TTY from display server
[src/local.c:327] Trying to get tty by DISPLAY
[src/local.c:335] Failed, no result while searching utmp for display :0 owned by user username
[src/local.c:344] Trying to get tty by loginctl
sh: 1: Syntax error: "(" unexpected
[src/local.c:214] 'loginctl' returned nothing.'
[src/local.c:355] Failed, no result while searching utmp for tty (null)
[src/local.c:367] Fallback: Using TTY /dev/pts/1 from ttyname() for search
[src/local.c:053] utmp entry for tty "pts/1" found
[src/local.c:054] utmp->ut_pid: 405177
[src/local.c:055] utmp->ut_user: username
[src/local.c:071] Checking utmp->ut_addr_v6[0]
[src/local.c:071] Checking utmp->ut_addr_v6[1]
[src/local.c:071] Checking utmp->ut_addr_v6[2]
[src/local.c:071] Checking utmp->ut_addr_v6[3]
[src/local.c:075] utmp check successful, request originates from a local source!
[src/local.c:374] No remote access detected, seems to be local request - allowing.
[src/device.c:038] Searching for "KeychainDrive" in the hardware database...
* Authentication device "KeychainDrive" is connected.
[src/device.c:100] One time pad is disabled, no more verifications to do.
* Access granted.
...and output from w (also the same for Teamviewer and VNC):
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
username tty1 :0 17:54 6:00 16.87s 0.26s /usr/bin/startplasma-x11
username pts/0 :0 17:54 6:00 0.00s 1.67s /usr/bin/kded5
username pts/1 :0 17:55 0.00s 0.02s 0.01s w
username tty2 - 17:54 6:00 0.05s 0.03s -bash
Originally posted by @steelsnake in #124 (reply in thread)