mirror of
https://github.com/rustdesk/rustdesk.git
synced 2026-02-17 14:07:28 +08:00
c76d10a438
* feat(macos): add privacy mode support for macOS ## Summary Add privacy mode functionality for macOS platform, allowing remote desktop sessions to hide the screen content from local users. ## Changes ### Core Implementation (src/platform/macos.mm) - Implement screen blackout using CGDisplayGammaTable API - Implement input blocking using CGEventTap to intercept keyboard/mouse - Store and restore original gamma values for proper cleanup ### Privacy Mode Integration (src/privacy_mode.rs, src/privacy_mode/macos.rs) - Add macOS privacy mode implementation with PrivacyMode trait - Register macOS privacy mode in PRIVACY_MODE_CREATOR - Set DEFAULT_PRIVACY_MODE_IMPL for macOS platform - Implement get_supported_privacy_mode_impl() for macOS ### Connection Handling (src/server/connection.rs) - Add supported_privacy_mode_impl to platform_additions for macOS - Enable privacy mode toggle in client UI when connecting via LAN IP ### Localization (src/lang/*.rs) - Add "privacy_mode_impl_macos_tip" translation for en/cn/tw ## Safety & Security - Implements Drop trait to ensure cleanup on normal exit - macOS system automatically restores gamma table on process termination - CGEventTap is automatically released when process terminates - Tested with SIGKILL to verify crash recovery ## Testing - Verified privacy mode toggle works via both ID and LAN IP connection - Verified screen recovery after process crash (kill -9) - Verified input restoration after process termination * refactor: use existing 'Privacy mode' translation key * refactor: rename gamma channel variables for better readability - rename r/g/b to red/green/blue to avoid variable shadowing confusion * fix: add error handling for gamma table restoration with fallback to system reset * fix: add error handling for CGEventTapCreate failure in privacy mode * fix: only set display to black if original gamma was saved successfully * fix: add error handling for CGSetDisplayTransferByTable when setting display to black * fix: improve event tap callback to properly distinguish remote input from local input * fix: missing macos.rs * Fix: Add display validation before restoring gamma values * Fix: Add mutex lock for thread safety in MacSetPrivacyMode * Fix: Handle return values and add missing mouse events in macos privacy mode * fix: only set conn_id after privacy mode is successfully turned on * fix: reimplement privacy mode with stable display identification Address code review concern: original gamma values stored with DisplayID as key could become stale if display list changes between privacy mode activations (e.g., display reconnected with different ID). Solution: - Use UUID instead of DisplayID as storage key (stable across reconnections) - Clear g_originalGammas when privacy mode is turned off - Register CGDisplayReconfigurationCallback to handle hot-plug events - Validate display state via FindDisplayIdByUUID() before restoration Key features: - UUID-based display identification (stable across reconnections) - Hot-plug support via CGDisplayReconfigurationCallback - EventTap auto re-enable on system timeout - Fallback to CGDisplayRestoreColorSyncSettings() for recovery - Detailed error logging with display name/ID/UUID * fix: ensure EventTap runs on main thread and improve gamma restore error handling - Add SetupEventTapOnMainThread() to create EventTap on main thread using dispatch_sync, avoiding potential issues when called from background threads - Add TeardownEventTapOnMainThread() for consistent cleanup on main thread - Check [NSThread isMainThread] to avoid deadlock when already on main thread - Add error tracking for gamma restoration during cleanup - Use CGDisplayRestoreColorSyncSettings() as fallback when individual gamma restoration fails * fix: remove invalid eventMask bits that caused undefined behavior in input blocking * fix: address code review comments for macos privacy mode implementation Changes to src/privacy_mode/macos.rs: - Add check_on_conn_id() in turn_on_privacy() to prevent duplicate activation - Add check_off_conn_id() in turn_off_privacy() to validate connection ID - Add self.conn_id = 0 in clear() to reset connection state Changes to src/platform/macos.mm: - Add link comment for ENIGO_INPUT_EXTRA_VALUE referencing libs/enigo/src/macos/macos_impl.rs - Fix NSLog format string mismatch (5 placeholders vs 4 values) - Make ApplyBlackoutToDisplay() return bool for proper error handling - Return false when UUID is empty since privacy mode requires ALL displays - Add else branches with logging for: - CGGetDisplayTransferByTable failures - Zero gamma table capacity (not supported) - Zero blackout capacity - Remove unused g_uuidToDisplayId variable (was only written, never read) * fix(macos): add early return with privacy mode exit on display hotplug failures Why large-scale changes are needed: The code review suggested adding early return when errors occur in DisplayReconfigurationCallback. However, simply returning early is not enough - when a newly connected display cannot be blacked out, we must exit privacy mode entirely to maintain security guarantees. The challenge is that DisplayReconfigurationCallback already holds g_privacyModeMutex, so calling MacSetPrivacyMode(false) directly would cause a deadlock. This necessitated: 1. Extract TurnOffPrivacyModeInternal() - a lock-free internal function that can be safely called from within the callback 2. Refactor MacSetPrivacyMode(false) branch to use this internal function 3. Add early returns with TurnOffPrivacyModeInternal() calls at each failure point in DisplayReconfigurationCallback Changes in DisplayReconfigurationCallback: - UUID empty: log + exit privacy mode + early return - Gamma table capacity zero: log + exit privacy mode + early return - CGGetDisplayTransferByTable fails: log + exit privacy mode + early return - ApplyBlackoutToDisplay fails: log + exit privacy mode + early return * fix(macos): address code review feedback and improve privacy mode stability Code Review Fixes: - Add detailed comments for potential deadlock scenarios in dispatch_sync with g_privacyModeMutex (SetupEventTapOnMainThread/TeardownEventTapOnMainThread) - Use async dispatch for privacy mode shutdown from DisplayReconfigurationCallback to avoid unregistering callback from within itself - Extract RestoreAllGammas() helper function to reduce code duplication - Fix Drop implementation in macos.rs to call self.clear() for consistency - Add comment explaining why _state parameter is ignored on macOS - Define DISPLAY_RECONFIG_MONITOR_DURATION_MS and GAMMA_CHECK_INTERVAL_MS constants - Add gamma restoration when UUID retrieval fails during privacy mode activation Privacy Mode Stability Improvements (Continuous Resolution Changes): - Implement continuous gamma value monitoring with timer polling after display reconfiguration to handle rapid successive resolution changes - Monitor gamma values every 200ms for 5 seconds after each resolution change - Automatically reapply blackout if system (ColorSync) restores gamma - Add IsDisplayBlackedOut() to detect if display gamma has been restored - Use timestamp-based debouncing: monitoring period automatically extends when new reconfig events occur during active monitoring - Ensure blackout remains effective even under continuous resolution changes where macOS may asynchronously restore gamma values multiple times This ensures privacy mode remains stable and effective when users rapidly change display resolution multiple times in succession. --------- Co-authored-by: libin <libin.chat@outlook.com>
Build •
Docker •
Structure •
Snapshot
[Українська] | [česky] | [中文] | [Magyar] | [Español] | [فارسی] | [Français] | [Deutsch] | [Polski] | [Indonesian] | [Suomi] | [മലയാളം] | [日本語] | [Nederlands] | [Italiano] | [Русский] | [Português (Brasil)] | [Esperanto] | [한국어] | [العربي] | [Tiếng Việt] | [Dansk] | [Ελληνικά] | [Türkçe] | [Norsk] | [Română]
We need your help to translate this README, RustDesk UI and RustDesk Doc to your native language
Caution
Misuse Disclaimer:
The developers of RustDesk do not condone or support any unethical or illegal use of this software. Misuse, such as unauthorized access, control or invasion of privacy, is strictly against our guidelines. The authors are not responsible for any misuse of the application.
Chat with us: Discord | Twitter | Reddit | YouTube
Yet another remote desktop solution, written in Rust. Works out of the box with no configuration required. You have full control of your data, with no concerns about security. You can use our rendezvous/relay server, set up your own, or write your own rendezvous/relay server.
RustDesk welcomes contribution from everyone. See CONTRIBUTING.md for help getting started.
Dependencies
Desktop versions use Flutter or Sciter (deprecated) for GUI, this tutorial is for Sciter only, since it is easier and more friendly to start. Check out our CI for building Flutter version.
Please download Sciter dynamic library yourself.
Raw Steps to build
-
Prepare your Rust development env and C++ build env
-
Install vcpkg, and set
VCPKG_ROOTenv variable correctly- Windows: vcpkg install libvpx:x64-windows-static libyuv:x64-windows-static opus:x64-windows-static aom:x64-windows-static
- Linux/macOS: vcpkg install libvpx libyuv opus aom
-
run
cargo run
Build
How to Build on Linux
Ubuntu 18 (Debian 10)
sudo apt install -y zip g++ gcc git curl wget nasm yasm libgtk-3-dev clang libxcb-randr0-dev libxdo-dev \
libxfixes-dev libxcb-shape0-dev libxcb-xfixes0-dev libasound2-dev libpulse-dev cmake make \
libclang-dev ninja-build libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libpam0g-dev
openSUSE Tumbleweed
sudo zypper install gcc-c++ git curl wget nasm yasm gcc gtk3-devel clang libxcb-devel libXfixes-devel cmake alsa-lib-devel gstreamer-devel gstreamer-plugins-base-devel xdotool-devel pam-devel
Fedora 28 (CentOS 8)
sudo yum -y install gcc-c++ git curl wget nasm yasm gcc gtk3-devel clang libxcb-devel libxdo-devel libXfixes-devel pulseaudio-libs-devel cmake alsa-lib-devel gstreamer1-devel gstreamer1-plugins-base-devel pam-devel
Arch (Manjaro)
sudo pacman -Syu --needed unzip git cmake gcc curl wget yasm nasm zip make pkg-config clang gtk3 xdotool libxcb libxfixes alsa-lib pipewire
Install vcpkg
git clone https://github.com/microsoft/vcpkg
cd vcpkg
git checkout 2023.04.15
cd ..
vcpkg/bootstrap-vcpkg.sh
export VCPKG_ROOT=$HOME/vcpkg
vcpkg/vcpkg install libvpx libyuv opus aom
Fix libvpx (For Fedora)
cd vcpkg/buildtrees/libvpx/src
cd *
./configure
sed -i 's/CFLAGS+=-I/CFLAGS+=-fPIC -I/g' Makefile
sed -i 's/CXXFLAGS+=-I/CXXFLAGS+=-fPIC -I/g' Makefile
make
cp libvpx.a $HOME/vcpkg/installed/x64-linux/lib/
cd
Build
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
git clone --recurse-submodules https://github.com/rustdesk/rustdesk
cd rustdesk
mkdir -p target/debug
wget https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.lnx/x64/libsciter-gtk.so
mv libsciter-gtk.so target/debug
VCPKG_ROOT=$HOME/vcpkg cargo run
How to build with Docker
Begin by cloning the repository and building the Docker container:
git clone https://github.com/rustdesk/rustdesk
cd rustdesk
git submodule update --init --recursive
docker build -t "rustdesk-builder" .
Then, each time you need to build the application, run the following command:
docker run --rm -it -v $PWD:/home/user/rustdesk -v rustdesk-git-cache:/home/user/.cargo/git -v rustdesk-registry-cache:/home/user/.cargo/registry -e PUID="$(id -u)" -e PGID="$(id -g)" rustdesk-builder
Note that the first build may take longer before dependencies are cached, subsequent builds will be faster. Additionally, if you need to specify different arguments to the build command, you may do so at the end of the command in the <OPTIONAL-ARGS> position. For instance, if you wanted to build an optimized release version, you would run the command above followed by --release. The resulting executable will be available in the target folder on your system, and can be run with:
target/debug/rustdesk
Or, if you're running a release executable:
target/release/rustdesk
Please ensure that you run these commands from the root of the RustDesk repository, or the application may not find the required resources. Also note that other cargo subcommands such as install or run are not currently supported via this method as they would install or run the program inside the container instead of the host.
File Structure
- libs/hbb_common: video codec, config, tcp/udp wrapper, protobuf, fs functions for file transfer, and some other utility functions
- libs/scrap: screen capture
- libs/enigo: platform specific keyboard/mouse control
- libs/clipboard: file copy and paste implementation for Windows, Linux, macOS.
- src/ui: obsolete Sciter UI (deprecated)
- src/server: audio/clipboard/input/video services, and network connections
- src/client.rs: start a peer connection
- src/rendezvous_mediator.rs: Communicate with rustdesk-server, wait for remote direct (TCP hole punching) or relayed connection
- src/platform: platform specific code
- flutter: Flutter code for desktop and mobile
- flutter/web/js: JavaScript for Flutter web client