[pve-devel] r5406 - vncterm/pve2/vncpatches
svn-commits at proxmox.com
svn-commits at proxmox.com
Thu Jan 20 17:05:50 CET 2011
Author: dietmar
Date: 2011-01-20 17:05:50 +0100 (Thu, 20 Jan 2011)
New Revision: 5406
Added:
vncterm/pve2/vncpatches/patch2.diff
Log:
Added: vncterm/pve2/vncpatches/patch2.diff
===================================================================
--- vncterm/pve2/vncpatches/patch2.diff (rev 0)
+++ vncterm/pve2/vncpatches/patch2.diff 2011-01-20 16:05:50 UTC (rev 5406)
@@ -0,0 +1,384 @@
+Index: vnc/libvncserver/auth.c
+===================================================================
+--- vnc.orig/libvncserver/auth.c 2006-12-15 02:43:52.000000000 +0100
++++ vnc/libvncserver/auth.c 2011-01-20 13:35:13.000000000 +0100
+@@ -270,8 +270,9 @@
+ int32_t securityType = rfbSecTypeInvalid;
+
+ if (!cl->screen->authPasswdData || cl->reverseConnection) {
+- /* chk if this condition is valid or not. */
+- securityType = rfbSecTypeNone;
++ /* chk if this condition is valid or not. */
++ /* we disable anonymous auth */
++ // securityType = rfbSecTypeNone;
+ } else if (cl->screen->authPasswdData) {
+ securityType = rfbSecTypeVncAuth;
+ }
+Index: vnc/newterm/Makefile.am
+===================================================================
+--- vnc.orig/newterm/Makefile.am 2011-01-20 13:31:26.000000000 +0100
++++ vnc/newterm/Makefile.am 2011-01-20 13:45:06.000000000 +0100
+@@ -1,7 +1,7 @@
+-AM_CFLAGS=-I $(top_srcdir)
++AM_CFLAGS=-I $(top_srcdir) -DDEBUG
+
+-LDADD=../libvncserver/libvncserver.la @WSOCKLIB@ -lutil
+-INCLUDES=-I.
++LDADD= ../libvncserver/libvncserver.la @WSOCKLIB@ -lgnutls -lutil
++INCLUDES=-I.
+
+ noinst_PROGRAMS=vncterm
+ vncterm_SOURCES=vncterm.c vncterm.h
+Index: vnc/newterm/vncterm.c
+===================================================================
+--- vnc.orig/newterm/vncterm.c 2011-01-20 13:41:18.000000000 +0100
++++ vnc/newterm/vncterm.c 2011-01-20 17:05:31.000000000 +0100
+@@ -37,6 +37,94 @@
+ #include "vncterm.h"
+ #include "glyphs.h"
+
++#include <gnutls/gnutls.h>
++#include <gnutls/x509.h>
++
++#ifdef DEBUG
++static void vnc_debug_gnutls_log(int level, const char* str) {
++ fprintf(stderr, "%d %s", level, str);
++}
++#endif
++
++#define DH_BITS 1024
++static gnutls_dh_params_t dh_params;
++
++typedef struct {
++ gnutls_session_t session;
++} tls_client_t;
++
++static ssize_t
++vnc_tls_push(
++ gnutls_transport_ptr_t transport,
++ const void *data,
++ size_t len)
++{
++ rfbClientPtr cl = (rfbClientPtr)transport;
++ int n;
++
++retry:
++ n = send(cl->sock, data, len, 0);
++ //fixme: is that safe?
++ if (n < 0) {
++ if (errno == EINTR)
++ goto retry;
++ return -1;
++ }
++ return n;
++}
++
++static ssize_t
++vnc_tls_pull(
++ gnutls_transport_ptr_t transport,
++ void *data,
++ size_t len)
++{
++ rfbClientPtr cl = (rfbClientPtr)transport;
++ int n;
++
++retry:
++ n = recv(cl->sock, data, len, 0);
++ if (n < 0) {
++ if (errno == EINTR)
++ goto retry;
++ return -1;
++ }
++ return n;
++}
++
++ssize_t my_tls_read(rfbClientPtr cl, void *buf, size_t count)
++{
++ rfbLog("my_tls_read\n");
++ tls_client_t *sd = (tls_client_t *)cl->clientData;
++
++ int ret = gnutls_read(sd->session, buf, count);
++ if (ret < 0) {
++ if (ret == GNUTLS_E_AGAIN)
++ errno = EAGAIN;
++ else
++ errno = EIO;
++ ret = -1;
++ }
++
++ return ret;
++}
++
++static gnutls_anon_server_credentials
++tls_initialize_anon_cred(void)
++{
++ gnutls_anon_server_credentials anon_cred;
++ int ret;
++
++ if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
++ fprintf(stderr, "can't allocate credentials %s\n", gnutls_strerror(ret));
++ return NULL;
++ }
++
++ gnutls_anon_set_server_dh_params(anon_cred, dh_params);
++
++ return anon_cred;
++}
++
+ /* define this for debugging */
+ //#define DEBUG
+
+@@ -45,10 +133,183 @@
+ #define rfbSecTypeVencrypt 19
+ #define rfbVencryptTlsPlain 259
+
++int rfbEncodeU32(char *buf, uint32_t value)
++{
++ buf[0] = (value >> 24) & 0xFF;
++ buf[1] = (value >> 16) & 0xFF;
++ buf[2] = (value >> 8) & 0xFF;
++ buf[3] = value & 0xFF;
++}
++
++uint32_t rfbDecodeU32(uint8_t *data, size_t offset)
++{
++ return ((data[offset] << 24) | (data[offset + 1] << 16) |
++ (data[offset + 2] << 8) | data[offset + 3]);
++}
++
+ static void
+ rfbVncAuthVencrypt(rfbClientPtr cl)
+ {
++ vncTerm *vt =(vncTerm *)cl->screen->screenData;
++ int ret;
++
++ /* Send VeNCrypt version 0.2 */
++ char buf[256];
++ buf[0] = 0;
++ buf[1] = 2;
++
++ printf("TEST1\n");
++ if (rfbWriteExact(cl, buf, 2) < 0) {
++ rfbLogPerror("rfbVncAuthVencrypt: write");
++ rfbCloseClient(cl);
++ return;
++ }
+
++ printf("TEST2\n");
++ int n = rfbReadExact(cl, buf, 2);
++ if (n <= 0) {
++ if (n == 0)
++ rfbLog("rfbVncAuthVencrypt: client gone\n");
++ else
++ rfbLogPerror("rfbVncAuthVencrypt: read");
++ rfbCloseClient(cl);
++ return;
++ }
++
++ printf("TEST3\n");
++
++ if (buf[0] != 0 || buf[1] != 2) {
++ rfbLog("Unsupported VeNCrypt protocol %d.%d\n",
++ (int)buf[0], (int)buf[1]);
++ buf[0] = 1; /* Reject version */
++ rfbWriteExact(cl, buf, 1);
++ rfbCloseClient(cl);
++ return;
++ }
++
++ /* Sending allowed auth */
++ printf("TEST4\n");
++
++ buf[0] = 0; /* Accept version */
++ buf[1] = 1; /* number of sub auths */
++ rfbEncodeU32(buf+2, rfbVencryptTlsPlain);
++ if (rfbWriteExact(cl, buf, 6) < 0) {
++ rfbLogPerror("rfbVncAuthVencrypt: write");
++ rfbCloseClient(cl);
++ return;
++ }
++
++ printf("TEST5\n");
++ n = rfbReadExact(cl, buf, 4);
++ if (n <= 0) {
++ if (n == 0)
++ rfbLog("rfbVncAuthVencrypt: client gone\n");
++ else
++ rfbLogPerror("rfbVncAuthVencrypt: read");
++ rfbCloseClient(cl);
++ return;
++ }
++
++ int auth = rfbDecodeU32(buf, 0);
++ printf("TEST6 %d\n", auth);
++ if (auth != rfbVencryptTlsPlain) {
++ buf[0] = 1; /* Reject version */
++ rfbWriteExact(cl, buf, 1);
++ rfbCloseClient(cl);
++ return;
++ }
++
++ printf("TEST7\n");
++ buf[0] = 1; /* Accept auth */
++ if (rfbWriteExact(cl, buf, 1) < 0) {
++ rfbLogPerror("rfbVncAuthVencrypt: write");
++ rfbCloseClient(cl);
++ return;
++ }
++
++ printf("TEST8\n");
++
++
++ tls_client_t *sd = calloc(1, sizeof(tls_client_t));
++ cl->clientData = sd;
++
++ if (sd->session == NULL) {
++ if (gnutls_init(&sd->session, GNUTLS_SERVER) < 0) {
++ fprintf(stderr, "gnutls_init FAILED");
++ exit(-1); //fixme
++ }
++
++ if (gnutls_set_default_priority(sd->session) < 0) {
++ fprintf(stderr, "gnutls_set_default_priority FAILED");
++ exit(-1); //fixme
++ }
++
++ static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
++ if (gnutls_kx_set_priority(sd->session, kx_anon) < 0) {
++ fprintf(stderr, "gnutls_kx_set_priority FAILED");
++ exit(-1); //fixme
++ }
++
++ static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
++ if (gnutls_certificate_type_set_priority(sd->session, cert_type_priority) < 0) {
++ fprintf(stderr, "gnutls_certificate_type_set_priority FAILED");
++ exit(-1); //fixme
++ }
++
++ static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
++ if (gnutls_protocol_set_priority(sd->session, protocol_priority) < 0) {
++ fprintf(stderr, "gnutls_protocol_set_priority FAILED");
++ exit(-1); //fixme
++ }
++
++ gnutls_anon_server_credentials anon_cred;
++
++ if (!(anon_cred = tls_initialize_anon_cred())) {
++ exit(-1); //fixme
++ }
++
++ if (gnutls_credentials_set(sd->session, GNUTLS_CRD_ANON, anon_cred) < 0) {
++ fprintf(stderr, "gnutls_credentials_set FAILED");
++ gnutls_anon_free_server_credentials(anon_cred);
++ exit(-1); //fixme
++ }
++
++ gnutls_transport_set_ptr(sd->session, (gnutls_transport_ptr_t)cl);
++ gnutls_transport_set_push_function(sd->session, vnc_tls_push);
++ gnutls_transport_set_pull_function(sd->session, vnc_tls_pull);
++ printf("TEST 9\n");
++ }
++
++
++retry:
++ printf("TEST 10 %p\n", cl);
++
++ if ((ret = gnutls_handshake(sd->session)) < 0) {
++ if (!gnutls_error_is_fatal(ret)) {
++ usleep(10000);
++ goto retry;
++ }
++ rfbLog("rfbVncAuthVencrypt: handshake failed\n");
++ rfbCloseClient(cl);
++ return;
++ }
++
++ cl->sock_read_fn = &my_tls_read;
++
++ /* start subauth - read plain password */
++ n = rfbReadExact(cl, buf, 8);
++ if (n <= 0) {
++ if (n == 0)
++ rfbLog("rfbVncAuthVencrypt: client gone\n");
++ else
++ rfbLogPerror("rfbVncAuthVencrypt: read");
++ rfbCloseClient(cl);
++ return;
++ }
++
++ //fixme: read len, lew, id, pw
++
++ printf("TEST end\n");
+ }
+
+ static rfbSecurityHandler VncSecurityHandlerVencrypt = {
+@@ -1759,6 +2020,21 @@
+ time_t elapsed, cur_time;
+ struct winsize dimensions;
+
++ if (gnutls_global_init () < 0) {
++ fprintf(stderr, "gnutls_global_init failed\n");
++ exit(-1);
++ }
++
++ if (gnutls_dh_params_init (&dh_params) < 0) {
++ fprintf(stderr, "gnutls_dh_params_init failed\n");
++ exit(-1);
++ }
++
++ if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0) {
++ fprintf(stderr, "gnutls_dh_params_init failed\n");
++ exit(-1);
++ }
++
+ for (i = 1; i < argc; i++) {
+ if (!strcmp (argv[i], "-c")) {
+ command = argv[i+1];
+@@ -1784,6 +2060,8 @@
+
+ #ifdef DEBUG
+ rfbLogEnable (1);
++ gnutls_global_set_log_level(10);
++ gnutls_global_set_log_function(vnc_debug_gnutls_log);
+ #else
+ rfbLogEnable (0);
+ #endif
+Index: vnc/libvncserver/sockets.c
+===================================================================
+--- vnc.orig/libvncserver/sockets.c 2011-01-20 16:42:41.000000000 +0100
++++ vnc/libvncserver/sockets.c 2011-01-20 16:47:59.000000000 +0100
+@@ -454,8 +454,12 @@
+ fd_set fds;
+ struct timeval tv;
+
++
+ while (len > 0) {
+- n = read(sock, buf, len);
++ if (cl->sock_read_fn)
++ n = cl->sock_read_fn(cl, buf, len);
++ else
++ n = read(sock, buf, len);
+
+ if (n > 0) {
+
+Index: vnc/rfb/rfb.h
+===================================================================
+--- vnc.orig/rfb/rfb.h 2011-01-20 16:36:06.000000000 +0100
++++ vnc/rfb/rfb.h 2011-01-20 16:51:22.000000000 +0100
+@@ -397,6 +397,8 @@
+ struct _rfbStatList *Next;
+ } rfbStatList;
+
++typedef ssize_t (*sock_read_fn_t)(struct _rfbClientRec *cl, void *buf, size_t count);
++
+ typedef struct _rfbClientRec {
+
+ /* back pointer to the screen */
+@@ -417,6 +419,7 @@
+ void* clientData;
+ ClientGoneHookPtr clientGoneHook;
+
++ sock_read_fn_t sock_read_fn;
+ SOCKET sock;
+ char *host;
+