rpms/libvncserver
7
0
Fork 0
Code Issues Pull Requests Releases Activity

tls patches rebased

Browse Source
This commit is contained in:
Rex Dieter 2020-07-02 08:35:47 -05:00
parent ef2f30c801
commit 3995c25270
3 changed files with 99 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
View File

@ -1,4 +1,4 @@
From 0a98d629447964f1d5d922d5012ee0c2cbf10694 Mon Sep 17 00:00:00 2001
From 450f4a50771fd36cdd170356f83ebab5ff0dea51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 11 Jun 2018 23:47:02 +0200
Subject: [PATCH 1/2] libvncserver: Add API to add custom I/O entry points
@ -7,16 +7,16 @@ Add API to make it possible to channel RFB input and output through
another layer, for example TLS. This is done by making it possible to
override the default read/write/peek functions.
---
libvncserver/rfbserver.c | 4 +++
libvncserver/sockets.c | 64 +++++++++++++++++++++++++++++++++++++---
rfb/rfb.h | 17 +++++++++++
3 files changed, 81 insertions(+), 4 deletions(-)
libvncserver/rfbserver.c | 4 ++
libvncserver/sockets.c | 79 ++++++++++++++++++++++++++++++++++++----
rfb/rfb.h | 17 +++++++++
3 files changed, 93 insertions(+), 7 deletions(-)
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 7af6aed..fbedd9f 100644
index 44ca2153..cee87dbb 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -322,6 +322,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
@@ -319,6 +319,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
cl->screen = rfbScreen;
cl->sock = sock;
@ -28,10 +28,56 @@ index 7af6aed..fbedd9f 100644
/* setup pseudo scaling */
cl->scaledScreen = rfbScreen;
diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c
index bbc3d90..27515f2 100644
index 2c87376b..4bb881ec 100644
--- a/libvncserver/sockets.c
+++ b/libvncserver/sockets.c
@@ -589,6 +589,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
@@ -101,6 +101,9 @@ int deny_severity=LOG_WARNING;
int rfbMaxClientWait = 20000; /* time (ms) after which we decide client has
gone away - needed to stop us hanging */
+static rfbBool
+rfbHasPendingOnSocket(rfbClientPtr cl);
+
static rfbBool
rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, rfbSocket sock)
{
@@ -364,16 +367,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
tv.tv_usec = usec;
nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv);
if (nfds == 0) {
+ rfbBool hasPendingData = FALSE;
+
/* timed out, check for async events */
i = rfbGetClientIterator(rfbScreen);
while((cl = rfbClientIteratorNext(i))) {
if (cl->onHold)
continue;
+ hasPendingData |= rfbHasPendingOnSocket(cl);
if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
rfbSendFileTransferChunk(cl);
}
rfbReleaseClientIterator(i);
- return result;
+ if (!hasPendingData)
+ return result;
}
if (nfds < 0) {
@@ -449,9 +456,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
if (cl->onHold)
continue;
- if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+ if (rfbHasPendingOnSocket (cl) ||
+ FD_ISSET(cl->sock, &(rfbScreen->allFds)))
{
- if (FD_ISSET(cl->sock, &fds))
+ if (rfbHasPendingOnSocket (cl) ||
+ FD_ISSET(cl->sock, &fds))
{
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
do {
@@ -614,6 +623,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
return sock;
}
@ -56,13 +102,13 @@ index bbc3d90..27515f2 100644
+static rfbBool
+rfbHasPendingOnSocket(rfbClientPtr cl)
+{
+ cl->hasPendingOnSocket(cl);
+ return cl->hasPendingOnSocket(cl);
+}
+
/*
* ReadExact reads an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an error
@@ -610,10 +634,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
@@ -635,10 +668,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
} else if (cl->sslctx) {
n = rfbssl_read(cl, buf, len);
} else {
@ -75,7 +121,7 @@ index bbc3d90..27515f2 100644
#endif
if (n > 0) {
@@ -645,6 +669,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
@@ -670,6 +703,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
continue;
}
#endif
@ -86,7 +132,7 @@ index bbc3d90..27515f2 100644
FD_ZERO(&fds);
FD_SET(sock, &fds);
tv.tv_sec = timeout / 1000;
@@ -681,6 +709,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
@@ -706,6 +743,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
}
@ -105,7 +151,7 @@ index bbc3d90..27515f2 100644
/*
* PeekExact peeks at an exact number of bytes from a client. Returns 1 if
* those bytes have been read, 0 if the other end has closed, or -1 if an
@@ -701,7 +741,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
@@ -726,7 +775,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
n = rfbssl_peek(cl, buf, len);
else
#endif
@ -114,7 +160,7 @@ index bbc3d90..27515f2 100644
if (n == len) {
@@ -757,6 +797,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
@@ -782,6 +831,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
return 1;
}
@ -137,7 +183,7 @@ index bbc3d90..27515f2 100644
/*
* WriteExact writes an exact number of bytes to a client. Returns 1 if
* those bytes have been written, or -1 if an error occurred (errno is set to
@@ -801,7 +857,7 @@ rfbWriteExact(rfbClientPtr cl,
@@ -826,7 +891,7 @@ rfbWriteExact(rfbClientPtr cl,
n = rfbssl_write(cl, buf, len);
else
#endif
@ -147,12 +193,12 @@ index bbc3d90..27515f2 100644
if (n > 0) {
diff --git a/rfb/rfb.h b/rfb/rfb.h
index f982b40..ba9e898 100644
index 5e9ba86f..3c0b25a3 100644
--- a/rfb/rfb.h
+++ b/rfb/rfb.h
@@ -413,6 +413,14 @@ typedef struct sraRegion* sraRegionPtr;
@@ -387,6 +387,14 @@ typedef struct sraRegion* sraRegionPtr;
typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl);
typedef void (*ClientFramebufferUpdateRequestHookPtr)(struct _rfbClientRec* cl, rfbFramebufferUpdateRequestMsg* furMsg);
+typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl,
+ char *buf, int len);
@ -165,10 +211,10 @@ index f982b40..ba9e898 100644
typedef struct _rfbFileTransferData {
int fd;
int compressionEnabled;
@@ -694,6 +702,11 @@ typedef struct _rfbClientRec {
#ifdef LIBVNCSERVER_HAVE_LIBPTHREAD
int pipe_notify_client_thread[2];
#endif
@@ -680,6 +688,11 @@ typedef struct _rfbClientRec {
rfbBool useExtDesktopSize;
int requestedDesktopSizeChange;
int lastDesktopSizeChangeError;
+
+ ClientReadFromSocket readFromSocket; /* Read data from socket */
+ ClientPeekAtSocket peekAtSocket; /* Peek at data from socket */
@ -177,7 +223,7 @@ index f982b40..ba9e898 100644
} rfbClientRec, *rfbClientPtr;
/**
@@ -746,8 +759,12 @@ extern void rfbDisconnectUDPSock(rfbScre
@@ -732,8 +745,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
extern void rfbCloseClient(rfbClientPtr cl);
extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
@ -188,5 +234,8 @@ index f982b40..ba9e898 100644
extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
+extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len);
extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
extern int rfbConnectToTcpAddr(char* host, int port);
extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
extern rfbSocket rfbConnectToTcpAddr(char* host, int port);
--
2.25.4

34
0002-libvncserver-Add-channel-security-handlers.patch
View File

@ -1,4 +1,4 @@
From c343c1b43080bcb45dad285faa5cd8926bfb9811 Mon Sep 17 00:00:00 2001
From 30b947df1b25cf741f6863b4c3f77e0016aa4898 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Mon, 11 Jun 2018 23:50:05 +0200
Subject: [PATCH 2/2] libvncserver: Add channel security handlers
@ -13,13 +13,13 @@ done by adding a single channel security handler with the rfbTLS (18)
with a handler that initiates a TLS session, and when a TLS session is
initiated, the regular security handler list is sent.
---
libvncserver/auth.c | 162 ++++++++++++++++++++++++++++++---------
libvncserver/auth.c | 164 ++++++++++++++++++++++++++++++---------
libvncserver/rfbserver.c | 1 +
rfb/rfb.h | 15 +++-
3 files changed, 140 insertions(+), 38 deletions(-)
3 files changed, 142 insertions(+), 38 deletions(-)
diff --git a/libvncserver/auth.c b/libvncserver/auth.c
index 814a814..6581953 100644
index 814a8142..55e0b3c9 100644
--- a/libvncserver/auth.c
+++ b/libvncserver/auth.c
@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl, const char *reason);
@ -255,20 +255,22 @@ index 814a814..6581953 100644
if (securityType == rfbSecTypeInvalid) {
rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n");
rfbClientConnFailed(cl, "Your viewer cannot handle required "
@@ -316,9 +394,11 @@ rfbAuthNewClient(rfbClientPtr cl)
@@ -316,9 +394,13 @@ rfbAuthNewClient(rfbClientPtr cl)
return;
}
rfbSendSecurityType(cl, securityType);
+ } else if (channelSecurityHandlers) {
+ rfbLog("Send channel security type list\n");
+ rfbSendChannelSecurityTypeList(cl);
} else {
/* Here it's ok when securityType is set to rfbSecTypeInvalid. */
- rfbSendSecurityTypeList(cl, securityType);
+ rfbLog("Send channel security type 'none'\n");
+ rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE);
}
}
@@ -332,6 +412,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
@@ -332,6 +414,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
int n;
uint8_t chosenType;
rfbSecurityHandler* handler;
@ -276,7 +278,7 @@ index 814a814..6581953 100644
/* Read the security type. */
n = rfbReadExact(cl, (char *)&chosenType, 1);
@@ -344,8 +425,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
@@ -344,8 +427,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
return;
}
@ -296,10 +298,10 @@ index 814a814..6581953 100644
rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType);
handler->handler(cl);
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index fbedd9f..1e8b3c1 100644
index cee87dbb..6efede61 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -643,6 +643,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
@@ -654,6 +654,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
case RFB_PROTOCOL_VERSION:
rfbProcessClientProtocolVersion(cl);
return;
@ -308,10 +310,10 @@ index fbedd9f..1e8b3c1 100644
rfbProcessClientSecurityType(cl);
return;
diff --git a/rfb/rfb.h b/rfb/rfb.h
index ba9e898..be58d08 100644
index 3c0b25a3..d136f884 100644
--- a/rfb/rfb.h
+++ b/rfb/rfb.h
@@ -182,6 +182,11 @@ typedef struct {
@@ -144,6 +144,11 @@ typedef struct {
} data; /**< there have to be count*3 entries */
} rfbColourMap;
@ -323,7 +325,7 @@ index ba9e898..be58d08 100644
/**
* Security handling (RFB protocol version 3.7)
*/
@@ -190,6 +195,7 @@ typedef struct _rfbSecurity {
@@ -152,6 +157,7 @@ typedef struct _rfbSecurity {
uint8_t type;
void (*handler)(struct _rfbClientRec* cl);
struct _rfbSecurity* next;
@ -331,7 +333,7 @@ index ba9e898..be58d08 100644
} rfbSecurityHandler;
/**
@@ -506,7 +512,7 @@ typedef struct _rfbClientRec {
@@ -480,7 +486,7 @@ typedef struct _rfbClientRec {
/** Possible client states: */
enum {
RFB_PROTOCOL_VERSION, /**< establishing protocol version */
@ -340,7 +342,7 @@ index ba9e898..be58d08 100644
RFB_AUTHENTICATION, /**< authenticating */
RFB_INITIALISATION, /**< sending initialisation messages */
RFB_NORMAL, /**< normal protocol messages */
@@ -514,7 +520,9 @@ typedef struct _rfbClientRec {
@@ -488,7 +494,9 @@ typedef struct _rfbClientRec {
/* Ephemeral internal-use states that will never be seen by software
* using LibVNCServer to provide services: */
@ -351,7 +353,7 @@ index ba9e898..be58d08 100644
} state;
rfbBool reverseConnection;
@@ -855,6 +863,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
@@ -840,6 +848,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
@ -362,5 +364,5 @@ index ba9e898..be58d08 100644
/* rre.c */
--
2.17.1
2.25.4

9
libvncserver.spec
View File

@ -1,7 +1,7 @@
Summary: Library to make writing a VNC server easy
Name: libvncserver
Version: 0.9.13
Release: 1%{?dist}
Release: 2%{?dist}
# NOTE: --with-filetransfer => GPLv2
License: GPLv2+
@ -80,8 +80,8 @@ developing applications that use %{name}.
%setup -q -n %{name}-LibVNCServer-%{version}
## FIXME: needs rebasing
#patch10 -p1 -b .tls-1
#patch11 -p1 -b .tls-2
%patch10 -p1 -b .tls-1
%patch11 -p1 -b .tls-2
%patch102 -p1 -b .crypto_policy
@ -125,6 +125,9 @@ popd
%changelog
* Thu Jul 02 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.9.13-2
- tls patches rebased
* Thu Jul 02 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.9.13-1
- 0.9.13
- FIXME/TODO: tls patches need rebasing, work-in-progress