tls patches rebased

5 years ago · 3995c25270
parent ef2f30c801
commit 3995c25270
3 changed files with 99 additions and 45 deletions
--- a/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
+++ b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch
@ -1,4 +1,4 @@
-From 0a98d629447964f1d5d922d5012ee0c2cbf10694 Mon Sep 17 00:00:00 2001
+From 450f4a50771fd36cdd170356f83ebab5ff0dea51 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Mon, 11 Jun 2018 23:47:02 +0200
 Subject: [PATCH 1/2] libvncserver: Add API to add custom I/O entry points
@ -7,16 +7,16 @@ Add API to make it possible to channel RFB input and output through
 another layer, for example TLS. This is done by making it possible to
 override the default read/write/peek functions.
 ---
- libvncserver/rfbserver.c |  4 +++
- libvncserver/sockets.c   | 64 +++++++++++++++++++++++++++++++++++++---
- rfb/rfb.h                | 17 +++++++++++
- 3 files changed, 81 insertions(+), 4 deletions(-)
+ libvncserver/rfbserver.c |  4 ++
+ libvncserver/sockets.c   | 79 ++++++++++++++++++++++++++++++++++++----
+ rfb/rfb.h                | 17 +++++++++
+ 3 files changed, 93 insertions(+), 7 deletions(-)

 diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af6aed..fbedd9f 100644
+index 44ca2153..cee87dbb 100644
 --- a/libvncserver/rfbserver.c
 +++ b/libvncserver/rfbserver.c
-@@ -322,6 +322,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
+@@ -319,6 +319,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen,
 
     cl->screen = rfbScreen;
     cl->sock = sock;
@ -28,10 +28,56 @@ index 7af6aed..fbedd9f 100644
     /* setup pseudo scaling */
     cl->scaledScreen = rfbScreen;
 diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c
-index bbc3d90..27515f2 100644
+index 2c87376b..4bb881ec 100644
 --- a/libvncserver/sockets.c
 +++ b/libvncserver/sockets.c
-@@ -589,6 +589,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
+@@ -101,6 +101,9 @@ int deny_severity=LOG_WARNING;
+ int rfbMaxClientWait = 20000;   /* time (ms) after which we decide client has
+                                    gone away - needed to stop us hanging */
+ 
+static rfbBool
+rfbHasPendingOnSocket(rfbClientPtr cl);
+
+ static rfbBool
+ rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, rfbSocket sock)
+ {
+@@ -364,16 +367,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
+ 	tv.tv_usec = usec;
+ 	nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv);
+ 	if (nfds == 0) {
+            rfbBool hasPendingData = FALSE;
+
+ 	    /* timed out, check for async events */
+             i = rfbGetClientIterator(rfbScreen);
+             while((cl = rfbClientIteratorNext(i))) {
+                 if (cl->onHold)
+                     continue;
+                hasPendingData |= rfbHasPendingOnSocket(cl);
+                 if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+                     rfbSendFileTransferChunk(cl);
+             }
+             rfbReleaseClientIterator(i);
+-	    return result;
+            if (!hasPendingData)
+                return result;
+ 	}
+ 
+ 	if (nfds < 0) {
+@@ -449,9 +456,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec)
+ 	    if (cl->onHold)
+ 		continue;
+ 
+-            if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+            if (rfbHasPendingOnSocket (cl) ||
+                FD_ISSET(cl->sock, &(rfbScreen->allFds)))
+             {
+-                if (FD_ISSET(cl->sock, &fds))
+                if (rfbHasPendingOnSocket (cl) ||
+                    FD_ISSET(cl->sock, &fds))
+                 {
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+                     do {
+@@ -614,6 +623,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen,
     return sock;
 }
 
@ -56,13 +102,13 @@ index bbc3d90..27515f2 100644
 +static rfbBool
 +rfbHasPendingOnSocket(rfbClientPtr cl)
 +{
-+    cl->hasPendingOnSocket(cl);
+    return cl->hasPendingOnSocket(cl);
 +}
 +
 /*
  * ReadExact reads an exact number of bytes from a client.  Returns 1 if
  * those bytes have been read, 0 if the other end has closed, or -1 if an error
-@@ -610,10 +634,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -635,10 +668,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
         } else if (cl->sslctx) {
 	    n = rfbssl_read(cl, buf, len);
 	} else {
@ -75,7 +121,7 @@ index bbc3d90..27515f2 100644
 #endif
 
         if (n > 0) {
-@@ -645,6 +669,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -670,6 +703,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
 		    continue;
 	    }
 #endif
@ -86,7 +132,7 @@ index bbc3d90..27515f2 100644
             FD_ZERO(&fds);
             FD_SET(sock, &fds);
             tv.tv_sec = timeout / 1000;
-@@ -681,6 +709,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
+@@ -706,6 +743,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len)
     return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait));
 }
 
@ -105,7 +151,7 @@ index bbc3d90..27515f2 100644
 /*
  * PeekExact peeks at an exact number of bytes from a client.  Returns 1 if
  * those bytes have been read, 0 if the other end has closed, or -1 if an
-@@ -701,7 +741,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -726,7 +775,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
 	    n = rfbssl_peek(cl, buf, len);
 	else
 #endif
@ -114,7 +160,7 @@ index bbc3d90..27515f2 100644
 
         if (n == len) {
 
-@@ -757,6 +797,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
+@@ -782,6 +831,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout)
     return 1;
 }
 
@ -137,7 +183,7 @@ index bbc3d90..27515f2 100644
 /*
  * WriteExact writes an exact number of bytes to a client.  Returns 1 if
  * those bytes have been written, or -1 if an error occurred (errno is set to
-@@ -801,7 +857,7 @@ rfbWriteExact(rfbClientPtr cl,
+@@ -826,7 +891,7 @@ rfbWriteExact(rfbClientPtr cl,
 	    n = rfbssl_write(cl, buf, len);
 	else
 #endif
@ -147,12 +193,12 @@ index bbc3d90..27515f2 100644
         if (n > 0) {
 
 diff --git a/rfb/rfb.h b/rfb/rfb.h
-index f982b40..ba9e898 100644
+index 5e9ba86f..3c0b25a3 100644
 --- a/rfb/rfb.h
 +++ b/rfb/rfb.h
-@@ -413,6 +413,14 @@ typedef struct sraRegion* sraRegionPtr;
- 
+@@ -387,6 +387,14 @@ typedef struct sraRegion* sraRegionPtr;
 typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl);
+ typedef void (*ClientFramebufferUpdateRequestHookPtr)(struct _rfbClientRec* cl, rfbFramebufferUpdateRequestMsg* furMsg);
 
 +typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl,
 +                                    char *buf, int len);
@ -165,10 +211,10 @@ index f982b40..ba9e898 100644
 typedef struct _rfbFileTransferData {
   int fd;
   int compressionEnabled;
-@@ -694,6 +702,11 @@ typedef struct _rfbClientRec {
- #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD
-     int pipe_notify_client_thread[2];
- #endif
+@@ -680,6 +688,11 @@ typedef struct _rfbClientRec {
+     rfbBool useExtDesktopSize;
+     int requestedDesktopSizeChange;
+     int lastDesktopSizeChangeError;
 +
 +    ClientReadFromSocket readFromSocket;         /* Read data from socket */
 +    ClientPeekAtSocket peekAtSocket;             /* Peek at data from socket */
@ -177,7 +223,7 @@ index f982b40..ba9e898 100644
 } rfbClientRec, *rfbClientPtr;
 
 /**
-@@ -746,8 +759,12 @@ extern void rfbDisconnectUDPSock(rfbScre
+@@ -732,8 +745,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);
 extern void rfbCloseClient(rfbClientPtr cl);
 extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);
 extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);
@ -188,5 +234,8 @@ index f982b40..ba9e898 100644
 extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
 +extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len);
 extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
- extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
- extern int rfbConnectToTcpAddr(char* host, int port);
+ extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
+ extern rfbSocket rfbConnectToTcpAddr(char* host, int port);
+-- 
+2.25.4
+
--- a/0002-libvncserver-Add-channel-security-handlers.patch
+++ b/0002-libvncserver-Add-channel-security-handlers.patch
@ -1,4 +1,4 @@
-From c343c1b43080bcb45dad285faa5cd8926bfb9811 Mon Sep 17 00:00:00 2001
+From 30b947df1b25cf741f6863b4c3f77e0016aa4898 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
 Date: Mon, 11 Jun 2018 23:50:05 +0200
 Subject: [PATCH 2/2] libvncserver: Add channel security handlers
@ -13,13 +13,13 @@ done by adding a single channel security handler with the rfbTLS (18)
 with a handler that initiates a TLS session, and when a TLS session is
 initiated, the regular security handler list is sent.
 ---
- libvncserver/auth.c      | 162 ++++++++++++++++++++++++++++++---------
+ libvncserver/auth.c      | 164 ++++++++++++++++++++++++++++++---------
 libvncserver/rfbserver.c |   1 +
 rfb/rfb.h                |  15 +++-
- 3 files changed, 140 insertions(+), 38 deletions(-)
+ 3 files changed, 142 insertions(+), 38 deletions(-)

 diff --git a/libvncserver/auth.c b/libvncserver/auth.c
-index 814a814..6581953 100644
+index 814a8142..55e0b3c9 100644
 --- a/libvncserver/auth.c
 +++ b/libvncserver/auth.c
@@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl, const char *reason);
@ -255,20 +255,22 @@ index 814a814..6581953 100644
 	if (securityType == rfbSecTypeInvalid) {
 	    rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n");
 	    rfbClientConnFailed(cl, "Your viewer cannot handle required "
-@@ -316,9 +394,11 @@ rfbAuthNewClient(rfbClientPtr cl)
+@@ -316,9 +394,13 @@ rfbAuthNewClient(rfbClientPtr cl)
 	    return;
 	}
 	rfbSendSecurityType(cl, securityType);
 +    } else if (channelSecurityHandlers) {
+	rfbLog("Send channel security type list\n");
 +	rfbSendChannelSecurityTypeList(cl);
     } else {
 	/* Here it's ok when securityType is set to rfbSecTypeInvalid. */
 -	rfbSendSecurityTypeList(cl, securityType);
+	rfbLog("Send channel security type 'none'\n");
 +	rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE);
     }
 }
 
-@@ -332,6 +412,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
+@@ -332,6 +414,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
     int n;
     uint8_t chosenType;
     rfbSecurityHandler* handler;
@ -276,7 +278,7 @@ index 814a814..6581953 100644
     
     /* Read the security type. */
     n = rfbReadExact(cl, (char *)&chosenType, 1);
-@@ -344,8 +425,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
+@@ -344,8 +427,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl)
 	return;
     }
 
@ -296,10 +298,10 @@ index 814a814..6581953 100644
 	      rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType);
 	      handler->handler(cl);
 diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index fbedd9f..1e8b3c1 100644
+index cee87dbb..6efede61 100644
 --- a/libvncserver/rfbserver.c
 +++ b/libvncserver/rfbserver.c
-@@ -643,6 +643,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
+@@ -654,6 +654,7 @@ rfbProcessClientMessage(rfbClientPtr cl)
     case RFB_PROTOCOL_VERSION:
         rfbProcessClientProtocolVersion(cl);
         return;
@ -308,10 +310,10 @@ index fbedd9f..1e8b3c1 100644
         rfbProcessClientSecurityType(cl);
         return;
 diff --git a/rfb/rfb.h b/rfb/rfb.h
-index ba9e898..be58d08 100644
+index 3c0b25a3..d136f884 100644
 --- a/rfb/rfb.h
 +++ b/rfb/rfb.h
-@@ -182,6 +182,11 @@ typedef struct {
+@@ -144,6 +144,11 @@ typedef struct {
   } data; /**< there have to be count*3 entries */
 } rfbColourMap;
 
@ -323,7 +325,7 @@ index ba9e898..be58d08 100644
 /**
  * Security handling (RFB protocol version 3.7)
  */
-@@ -190,6 +195,7 @@ typedef struct _rfbSecurity {
+@@ -152,6 +157,7 @@ typedef struct _rfbSecurity {
 	uint8_t type;
 	void (*handler)(struct _rfbClientRec* cl);
 	struct _rfbSecurity* next;
@ -331,7 +333,7 @@ index ba9e898..be58d08 100644
 } rfbSecurityHandler;
 
 /**
-@@ -506,7 +512,7 @@ typedef struct _rfbClientRec {
+@@ -480,7 +486,7 @@ typedef struct _rfbClientRec {
                                 /** Possible client states: */
     enum {
         RFB_PROTOCOL_VERSION,   /**< establishing protocol version */
@ -340,7 +342,7 @@ index ba9e898..be58d08 100644
         RFB_AUTHENTICATION,     /**< authenticating */
         RFB_INITIALISATION,     /**< sending initialisation messages */
         RFB_NORMAL,             /**< normal protocol messages */
-@@ -514,7 +520,9 @@ typedef struct _rfbClientRec {
+@@ -488,7 +494,9 @@ typedef struct _rfbClientRec {
         /* Ephemeral internal-use states that will never be seen by software
          * using LibVNCServer to provide services: */
 
@ -351,7 +353,7 @@ index ba9e898..be58d08 100644
     } state;
 
     rfbBool reverseConnection;
-@@ -855,6 +863,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
+@@ -840,6 +848,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl);
 extern void rfbAuthProcessClientMessage(rfbClientPtr cl);
 extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler);
 extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler);
@ -362,5 +364,5 @@ index ba9e898..be58d08 100644
 /* rre.c */
 
 -- 
-2.17.1
+2.25.4

--- a/libvncserver.spec
+++ b/libvncserver.spec
@ -1,7 +1,7 @@
 Summary:    Library to make writing a VNC server easy
 Name:       libvncserver
 Version:    0.9.13
-Release:    1%{?dist}
+Release:    2%{?dist}

 # NOTE: --with-filetransfer => GPLv2
 License:    GPLv2+
@ -80,8 +80,8 @@ developing applications that use %{name}.
 %setup -q -n %{name}-LibVNCServer-%{version}

 ## FIXME: needs rebasing
-#patch10 -p1 -b .tls-1
-#patch11 -p1 -b .tls-2
+%patch10 -p1 -b .tls-1
+%patch11 -p1 -b .tls-2

 %patch102 -p1 -b .crypto_policy

@ -125,6 +125,9 @@ popd


 %changelog
+* Thu Jul 02 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.9.13-2
+- tls patches rebased
+
 * Thu Jul 02 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.9.13-1
 - 0.9.13
 - FIXME/TODO: tls patches need rebasing, work-in-progress