diff --git a/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch index 0a8cea8..af27908 100644 --- a/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch +++ b/0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch @@ -1,4 +1,4 @@ -From 0a98d629447964f1d5d922d5012ee0c2cbf10694 Mon Sep 17 00:00:00 2001 +From 450f4a50771fd36cdd170356f83ebab5ff0dea51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Mon, 11 Jun 2018 23:47:02 +0200 Subject: [PATCH 1/2] libvncserver: Add API to add custom I/O entry points @@ -7,16 +7,16 @@ Add API to make it possible to channel RFB input and output through another layer, for example TLS. This is done by making it possible to override the default read/write/peek functions. --- - libvncserver/rfbserver.c | 4 +++ - libvncserver/sockets.c | 64 +++++++++++++++++++++++++++++++++++++--- - rfb/rfb.h | 17 +++++++++++ - 3 files changed, 81 insertions(+), 4 deletions(-) + libvncserver/rfbserver.c | 4 ++ + libvncserver/sockets.c | 79 ++++++++++++++++++++++++++++++++++++---- + rfb/rfb.h | 17 +++++++++ + 3 files changed, 93 insertions(+), 7 deletions(-) diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 7af6aed..fbedd9f 100644 +index 44ca2153..cee87dbb 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c -@@ -322,6 +322,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen, +@@ -319,6 +319,10 @@ rfbNewTCPOrUDPClient(rfbScreenInfoPtr rfbScreen, cl->screen = rfbScreen; cl->sock = sock; @@ -28,10 +28,56 @@ index 7af6aed..fbedd9f 100644 /* setup pseudo scaling */ cl->scaledScreen = rfbScreen; diff --git a/libvncserver/sockets.c b/libvncserver/sockets.c -index bbc3d90..27515f2 100644 +index 2c87376b..4bb881ec 100644 --- a/libvncserver/sockets.c 
+++ b/libvncserver/sockets.c -@@ -589,6 +589,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen, +@@ -101,6 +101,9 @@ int deny_severity=LOG_WARNING; + int rfbMaxClientWait = 20000; /* time (ms) after which we decide client has + gone away - needed to stop us hanging */ + ++static rfbBool ++rfbHasPendingOnSocket(rfbClientPtr cl); ++ + static rfbBool + rfbNewConnectionFromSock(rfbScreenInfoPtr rfbScreen, rfbSocket sock) + { +@@ -364,16 +367,20 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec) + tv.tv_usec = usec; + nfds = select(rfbScreen->maxFd + 1, &fds, NULL, NULL /* &fds */, &tv); + if (nfds == 0) { ++ rfbBool hasPendingData = FALSE; ++ + /* timed out, check for async events */ + i = rfbGetClientIterator(rfbScreen); + while((cl = rfbClientIteratorNext(i))) { + if (cl->onHold) + continue; ++ hasPendingData |= rfbHasPendingOnSocket(cl); + if (FD_ISSET(cl->sock, &(rfbScreen->allFds))) + rfbSendFileTransferChunk(cl); + } + rfbReleaseClientIterator(i); +- return result; ++ if (!hasPendingData) ++ return result; + } + + if (nfds < 0) { +@@ -449,9 +456,11 @@ rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec) + if (cl->onHold) + continue; + +- if (FD_ISSET(cl->sock, &(rfbScreen->allFds))) ++ if (rfbHasPendingOnSocket (cl) || ++ FD_ISSET(cl->sock, &(rfbScreen->allFds))) + { +- if (FD_ISSET(cl->sock, &fds)) ++ if (rfbHasPendingOnSocket (cl) || ++ FD_ISSET(cl->sock, &fds)) + { + #ifdef LIBVNCSERVER_WITH_WEBSOCKETS + do { +@@ -614,6 +623,30 @@ rfbConnect(rfbScreenInfoPtr rfbScreen, return sock; } 
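Review bot: In the second `rfbCheckFds` change the outer test becomes `rfbHasPendingOnSocket (cl) || FD_ISSET(cl->sock, &(rfbScreen->allFds))`, so a client whose socket is no longer in `allFds` is still dispatched whenever its hook reports buffered data. Whether a hook can report pending data for a client that is being torn down is not visible here, so this needs confirming. Keeping the membership test as the gate and consulting the hook only in the inner readiness test would preserve the old guard: `if (FD_ISSET(cl->sock, &(rfbScreen->allFds)))` followed by `if (rfbHasPendingOnSocket(cl) || FD_ISSET(cl->sock, &fds))`. The hook is also called twice per client per pass, and an overriding hook may be neither cheap nor stable between the two calls; a local `rfbBool pending = rfbHasPendingOnSocket(cl);` avoids that. `rfbCheckFds` continues outside both inner hunks.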
@@ -56,13 +102,13 @@ index bbc3d90..27515f2 100644 +static rfbBool +rfbHasPendingOnSocket(rfbClientPtr cl) +{ -+ cl->hasPendingOnSocket(cl); ++ return cl->hasPendingOnSocket(cl); +} + /* * ReadExact reads an exact number of bytes from a client. Returns 1 if * those bytes have been read, 0 if the other end has closed, or -1 if an error -@@ -610,10 +634,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) +@@ -635,10 +668,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) } else if (cl->sslctx) { n = rfbssl_read(cl, buf, len); } else { @@ -75,7 +121,7 @@ index bbc3d90..27515f2 100644 #endif if (n > 0) { -@@ -645,6 +669,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) +@@ -670,6 +703,10 @@ rfbReadExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) continue; } #endif @@ -86,7 +132,7 @@ index bbc3d90..27515f2 100644 FD_ZERO(&fds); FD_SET(sock, &fds); tv.tv_sec = timeout / 1000; -@@ -681,6 +709,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len) +@@ -706,6 +743,18 @@ int rfbReadExact(rfbClientPtr cl,char* buf,int len) return(rfbReadExactTimeout(cl,buf,len,rfbMaxClientWait)); } @@ -105,7 +151,7 @@ index bbc3d90..27515f2 100644 /* * PeekExact peeks at an exact number of bytes from a client. Returns 1 if * those bytes have been read, 0 if the other end has closed, or -1 if an -@@ -701,7 +741,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) +@@ -726,7 +775,7 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) n = rfbssl_peek(cl, buf, len); else #endif @@ -114,7 +160,7 @@ index bbc3d90..27515f2 100644 if (n == len) { -@@ -757,6 +797,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) +@@ -782,6 +831,22 @@ rfbPeekExactTimeout(rfbClientPtr cl, char* buf, int len, int timeout) return 1; } 
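Review bot: `rfbHasPendingOnSocket` calls `cl->hasPendingOnSocket(cl)` without checking that the pointer is set, and after this rebase `rfbCheckFds` invokes it for every client that is not on hold. The default hooks are presumably assigned in the `rfbNewTCPOrUDPClient` hunk, whose added lines are not shown in this diff, so it cannot be confirmed from here that every client record receives one. An application that overrides the hooks could also leave this one NULL. A guard such as `return cl->hasPendingOnSocket ? cl->hasPendingOnSocket(cl) : FALSE;` keeps a missing hook from becoming a NULL call in the server's main loop. A short comment above the wrapper, saying that it reports data already buffered by the I/O layer that `select()` cannot see (if that is the intent), would explain why `rfbCheckFds` needs it.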
@@ -137,7 +183,7 @@ index bbc3d90..27515f2 100644 /* * WriteExact writes an exact number of bytes to a client. Returns 1 if * those bytes have been written, or -1 if an error occurred (errno is set to -@@ -801,7 +857,7 @@ rfbWriteExact(rfbClientPtr cl, +@@ -826,7 +891,7 @@ rfbWriteExact(rfbClientPtr cl, n = rfbssl_write(cl, buf, len); else #endif @@ -147,12 +193,12 @@ index bbc3d90..27515f2 100644 if (n > 0) { diff --git a/rfb/rfb.h b/rfb/rfb.h -index f982b40..ba9e898 100644 +index 5e9ba86f..3c0b25a3 100644 --- a/rfb/rfb.h +++ b/rfb/rfb.h -@@ -413,6 +413,14 @@ typedef struct sraRegion* sraRegionPtr; - +@@ -387,6 +387,14 @@ typedef struct sraRegion* sraRegionPtr; typedef void (*ClientGoneHookPtr)(struct _rfbClientRec* cl); + typedef void (*ClientFramebufferUpdateRequestHookPtr)(struct _rfbClientRec* cl, rfbFramebufferUpdateRequestMsg* furMsg); +typedef int (*ClientReadFromSocket)(struct _rfbClientRec* cl, + char *buf, int len); @@ -165,10 +211,10 @@ index f982b40..ba9e898 100644 typedef struct _rfbFileTransferData { int fd; int compressionEnabled; -@@ -694,6 +702,11 @@ typedef struct _rfbClientRec { - #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD - int pipe_notify_client_thread[2]; - #endif +@@ -680,6 +688,11 @@ typedef struct _rfbClientRec { + rfbBool useExtDesktopSize; + int requestedDesktopSizeChange; + int lastDesktopSizeChangeError; + + ClientReadFromSocket readFromSocket; /* Read data from socket */ + ClientPeekAtSocket peekAtSocket; /* Peek at data from socket */ @@ -177,7 +223,7 @@ index f982b40..ba9e898 100644 } rfbClientRec, *rfbClientPtr; /** -@@ -746,8 +759,12 @@ extern void rfbDisconnectUDPSock(rfbScre +@@ -732,8 +745,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen); extern void rfbCloseClient(rfbClientPtr cl); extern int rfbReadExact(rfbClientPtr cl, char *buf, int len); extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout); 
@@ -188,5 +234,8 @@ index f982b40..ba9e898 100644 extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len); +extern int rfbDefaultWriteToSocket(rfbClientPtr cl, const char *buf, int len); extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec); - extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port); - extern int rfbConnectToTcpAddr(char* host, int port); + extern rfbSocket rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port); + extern rfbSocket rfbConnectToTcpAddr(char* host, int port); +-- +2.25.4 + diff --git a/0002-libvncserver-Add-channel-security-handlers.patch b/0002-libvncserver-Add-channel-security-handlers.patch index e922461..de2e421 100644 --- a/0002-libvncserver-Add-channel-security-handlers.patch +++ b/0002-libvncserver-Add-channel-security-handlers.patch @@ -1,4 +1,4 @@ -From c343c1b43080bcb45dad285faa5cd8926bfb9811 Mon Sep 17 00:00:00 2001 +From 30b947df1b25cf741f6863b4c3f77e0016aa4898 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Mon, 11 Jun 2018 23:50:05 +0200 Subject: [PATCH 2/2] libvncserver: Add channel security handlers @@ -13,13 +13,13 @@ done by adding a single channel security handler with the rfbTLS (18) with a handler that initiates a TLS session, and when a TLS session is initiated, the regular security handler list is sent. --- - libvncserver/auth.c | 162 ++++++++++++++++++++++++++++++--------- + libvncserver/auth.c | 164 ++++++++++++++++++++++++++++++--------- libvncserver/rfbserver.c | 1 + rfb/rfb.h | 15 +++- - 3 files changed, 140 insertions(+), 38 deletions(-) + 3 files changed, 142 insertions(+), 38 deletions(-) diff --git a/libvncserver/auth.c b/libvncserver/auth.c -index 814a814..6581953 100644 +index 814a8142..55e0b3c9 100644 --- a/libvncserver/auth.c +++ b/libvncserver/auth.c @@ -37,18 +37,17 @@ void rfbClientSendString(rfbClientPtr cl, const char *reason); 
@@ -255,20 +255,22 @@ index 814a814..6581953 100644 if (securityType == rfbSecTypeInvalid) { rfbLog("VNC authentication disabled - RFB 3.3 client rejected\n"); rfbClientConnFailed(cl, "Your viewer cannot handle required " -@@ -316,9 +394,11 @@ rfbAuthNewClient(rfbClientPtr cl) +@@ -316,9 +394,13 @@ rfbAuthNewClient(rfbClientPtr cl) return; } rfbSendSecurityType(cl, securityType); + } else if (channelSecurityHandlers) { ++ rfbLog("Send channel security type list\n"); + rfbSendChannelSecurityTypeList(cl); } else { /* Here it's ok when securityType is set to rfbSecTypeInvalid. */ - rfbSendSecurityTypeList(cl, securityType); ++ rfbLog("Send channel security type 'none'\n"); + rfbSendSecurityTypeList(cl, RFB_SECURITY_TAG_NONE); } } -@@ -332,6 +412,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl) +@@ -332,6 +414,7 @@ rfbProcessClientSecurityType(rfbClientPtr cl) int n; uint8_t chosenType; rfbSecurityHandler* handler; @@ -276,7 +278,7 @@ index 814a814..6581953 100644 /* Read the security type. */ n = rfbReadExact(cl, (char *)&chosenType, 1); -@@ -344,8 +425,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl) +@@ -344,8 +427,17 @@ rfbProcessClientSecurityType(rfbClientPtr cl) return; } @@ -296,10 +298,10 @@ index 814a814..6581953 100644 rfbLog("rfbProcessClientSecurityType: executing handler for type %d\n", chosenType); handler->handler(cl); diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index fbedd9f..1e8b3c1 100644 +index cee87dbb..6efede61 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c -@@ -643,6 +643,7 @@ rfbProcessClientMessage(rfbClientPtr cl) +@@ -654,6 +654,7 @@ rfbProcessClientMessage(rfbClientPtr cl) case RFB_PROTOCOL_VERSION: rfbProcessClientProtocolVersion(cl); return; @@ -308,10 +310,10 @@ index fbedd9f..1e8b3c1 100644 rfbProcessClientSecurityType(cl); return; diff --git a/rfb/rfb.h b/rfb/rfb.h -index ba9e898..be58d08 100644 +index 3c0b25a3..d136f884 100644 --- a/rfb/rfb.h 
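Review bot: The `else if (channelSecurityHandlers)` branch in `rfbAuthNewClient` comes after the branch that ends in `rfbSendSecurityType(cl, securityType)`, so a client taking that earlier branch appears to proceed without being offered the channel security list. The branch condition and the computation of `securityType` are above the hunk, so please confirm that a server with a channel handler registered refuses such clients rather than continuing without the channel layer. The retained comment `/* Here it's ok when securityType is set to rfbSecTypeInvalid. */` no longer matches the call, which now passes `RFB_SECURITY_TAG_NONE`, and should be updated or dropped. The two added `rfbLog` lines would serve an audit trail better if they named the peer, for example `rfbLog("Send channel security type 'none' to %s\n", cl->host);`.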
+++ b/rfb/rfb.h -@@ -182,6 +182,11 @@ typedef struct { +@@ -144,6 +144,11 @@ typedef struct { } data; /**< there have to be count*3 entries */ } rfbColourMap; @@ -323,7 +325,7 @@ index ba9e898..be58d08 100644 /** * Security handling (RFB protocol version 3.7) */ -@@ -190,6 +195,7 @@ typedef struct _rfbSecurity { +@@ -152,6 +157,7 @@ typedef struct _rfbSecurity { uint8_t type; void (*handler)(struct _rfbClientRec* cl); struct _rfbSecurity* next; @@ -331,7 +333,7 @@ index ba9e898..be58d08 100644 } rfbSecurityHandler; /** -@@ -506,7 +512,7 @@ typedef struct _rfbClientRec { +@@ -480,7 +486,7 @@ typedef struct _rfbClientRec { /** Possible client states: */ enum { RFB_PROTOCOL_VERSION, /**< establishing protocol version */ @@ -340,7 +342,7 @@ index ba9e898..be58d08 100644 RFB_AUTHENTICATION, /**< authenticating */ RFB_INITIALISATION, /**< sending initialisation messages */ RFB_NORMAL, /**< normal protocol messages */ -@@ -514,7 +520,9 @@ typedef struct _rfbClientRec { +@@ -488,7 +494,9 @@ typedef struct _rfbClientRec { /* Ephemeral internal-use states that will never be seen by software * using LibVNCServer to provide services: */ @@ -351,7 +353,7 @@ index ba9e898..be58d08 100644 } state; rfbBool reverseConnection; -@@ -855,6 +863,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl); +@@ -840,6 +848,9 @@ extern void rfbProcessClientSecurityType(rfbClientPtr cl); extern void rfbAuthProcessClientMessage(rfbClientPtr cl); extern void rfbRegisterSecurityHandler(rfbSecurityHandler* handler); extern void rfbUnregisterSecurityHandler(rfbSecurityHandler* handler); @@ -362,5 +364,5 @@ index ba9e898..be58d08 100644 /* rre.c */ -- -2.17.1 +2.25.4 diff --git a/libvncserver.spec b/libvncserver.spec index 018f8a8..b97c9eb 100644 --- a/libvncserver.spec +++ b/libvncserver.spec @@ -1,7 +1,7 @@ Summary: Library to make writing a VNC server easy Name: libvncserver Version: 0.9.13 -Release: 1%{?dist} +Release: 2%{?dist} # NOTE: --with-filetransfer => GPLv2 License: GPLv2+ 
@@ -80,8 +80,8 @@ developing applications that use %{name}.
 %setup -q -n %{name}-LibVNCServer-%{version}
 ## FIXME: needs rebasing
-#patch10 -p1 -b .tls-1
-#patch11 -p1 -b .tls-2
+%patch10 -p1 -b .tls-1
+%patch11 -p1 -b .tls-2
 %patch102 -p1 -b .crypto_policy
@@ -125,6 +125,9 @@ popd
 %changelog
+* Thu Jul 02 2020 Rex Dieter - 0.9.13-2
+- tls patches rebased
+
 * Thu Jul 02 2020 Rex Dieter - 0.9.13-1
 - 0.9.13
 - FIXME/TODO: tls patches need rebasing, work-in-progress
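Review bot: The `## FIXME: needs rebasing` comment is left in place above `%patch10` and `%patch11` although both are now applied, so the %prep section still reads as if the TLS patches were disabled. Dropping the line, or replacing it with something like `## tls patches, rebased for 0.9.13`, keeps the spec consistent with the new changelog entry.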