[pve-devel] r5406 - vncterm/pve2/vncpatches

svn-commits at proxmox.com svn-commits at proxmox.com
Thu Jan 20 17:05:50 CET 2011


Author: dietmar
Date: 2011-01-20 17:05:50 +0100 (Thu, 20 Jan 2011)
New Revision: 5406

Added:
   vncterm/pve2/vncpatches/patch2.diff
Log:


Added: vncterm/pve2/vncpatches/patch2.diff
===================================================================
--- vncterm/pve2/vncpatches/patch2.diff	                        (rev 0)
+++ vncterm/pve2/vncpatches/patch2.diff	2011-01-20 16:05:50 UTC (rev 5406)
@@ -0,0 +1,384 @@
+Index: vnc/libvncserver/auth.c
+===================================================================
+--- vnc.orig/libvncserver/auth.c	2006-12-15 02:43:52.000000000 +0100
++++ vnc/libvncserver/auth.c	2011-01-20 13:35:13.000000000 +0100
+@@ -270,8 +270,9 @@
+     int32_t securityType = rfbSecTypeInvalid;
+ 
+     if (!cl->screen->authPasswdData || cl->reverseConnection) {
+-	/* chk if this condition is valid or not. */
+-	securityType = rfbSecTypeNone;
++	    /* chk if this condition is valid or not. */
++	    /* we disable anonymous auth */
++	    // securityType = rfbSecTypeNone;
+     } else if (cl->screen->authPasswdData) {
+  	    securityType = rfbSecTypeVncAuth;
+     }
+Index: vnc/newterm/Makefile.am
+===================================================================
+--- vnc.orig/newterm/Makefile.am	2011-01-20 13:31:26.000000000 +0100
++++ vnc/newterm/Makefile.am	2011-01-20 13:45:06.000000000 +0100
+@@ -1,7 +1,7 @@
+-AM_CFLAGS=-I $(top_srcdir)
++AM_CFLAGS=-I $(top_srcdir) -DDEBUG
+ 
+-LDADD=../libvncserver/libvncserver.la @WSOCKLIB@ -lutil
+-INCLUDES=-I.
++LDADD= ../libvncserver/libvncserver.la @WSOCKLIB@ -lgnutls -lutil
++INCLUDES=-I. 
+ 
+ noinst_PROGRAMS=vncterm 
+ vncterm_SOURCES=vncterm.c vncterm.h
+Index: vnc/newterm/vncterm.c
+===================================================================
+--- vnc.orig/newterm/vncterm.c	2011-01-20 13:41:18.000000000 +0100
++++ vnc/newterm/vncterm.c	2011-01-20 17:05:31.000000000 +0100
+@@ -37,6 +37,94 @@
+ #include "vncterm.h"
+ #include "glyphs.h"
+ 
++#include <gnutls/gnutls.h>
++#include <gnutls/x509.h>
++
++#ifdef DEBUG
++static void vnc_debug_gnutls_log(int level, const char* str) {
++	fprintf(stderr, "%d %s", level, str);
++}
++#endif
++
++#define DH_BITS 1024
++static gnutls_dh_params_t dh_params;
++
++typedef struct {
++	gnutls_session_t session;
++} tls_client_t;
++
++static ssize_t
++vnc_tls_push(
++	gnutls_transport_ptr_t transport,
++	const void *data,
++	size_t len)
++{
++	rfbClientPtr cl = (rfbClientPtr)transport;
++	int n;
++
++retry:
++	n = send(cl->sock, data, len, 0);
++	//fixme: is that safe?
++	if (n < 0) {
++		if (errno == EINTR)
++			goto retry;
++		return -1;
++	}
++	return n;
++}
++
++static ssize_t
++vnc_tls_pull(
++	gnutls_transport_ptr_t transport,
++	void *data,
++	size_t len)
++{
++	rfbClientPtr cl = (rfbClientPtr)transport;
++	int n;
++
++retry:
++ 	n = recv(cl->sock, data, len, 0);
++	if (n < 0) {
++		if (errno == EINTR)
++			goto retry;
++		return -1;
++	}
++	return n;
++}
++
++ssize_t my_tls_read(rfbClientPtr cl, void *buf, size_t count)
++{
++	rfbLog("my_tls_read\n");
++	tls_client_t *sd = (tls_client_t *)cl->clientData;
++
++        int ret = gnutls_read(sd->session, buf, count);
++        if (ret < 0) {
++		if (ret == GNUTLS_E_AGAIN)
++			errno = EAGAIN;
++		else
++			errno = EIO;
++		ret = -1;
++        }
++
++	return ret;
++}
++
++static gnutls_anon_server_credentials
++tls_initialize_anon_cred(void)
++{
++	gnutls_anon_server_credentials anon_cred;
++	int ret;
++
++	if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
++		fprintf(stderr, "can't allocate credentials %s\n", gnutls_strerror(ret));
++		return NULL;
++	}
++
++	gnutls_anon_set_server_dh_params(anon_cred, dh_params);
++
++	return anon_cred;
++}
++
+ /* define this for debugging */
+ //#define DEBUG
+ 
+@@ -45,10 +133,183 @@
+ #define rfbSecTypeVencrypt  19
+ #define rfbVencryptTlsPlain 259
+ 
++int rfbEncodeU32(char *buf, uint32_t value)
++{
++    buf[0] = (value >> 24) & 0xFF;
++    buf[1] = (value >> 16) & 0xFF;
++    buf[2] = (value >>  8) & 0xFF;
++    buf[3] = value & 0xFF;
++}
++
++uint32_t rfbDecodeU32(uint8_t *data, size_t offset)
++{
++	return ((data[offset] << 24) | (data[offset + 1] << 16) |
++		(data[offset + 2] << 8) | data[offset + 3]);
++}
++
+ static void
+ rfbVncAuthVencrypt(rfbClientPtr cl)
+ {
++	vncTerm *vt =(vncTerm *)cl->screen->screenData;
++	int ret;
++
++	/* Send VeNCrypt version 0.2 */
++	char buf[256];
++	buf[0] = 0;
++	buf[1] = 2;
++
++	printf("TEST1\n");
++	if (rfbWriteExact(cl, buf, 2) < 0) {
++            rfbLogPerror("rfbVncAuthVencrypt: write");
++            rfbCloseClient(cl);
++            return;
++	}
+ 
++	printf("TEST2\n");
++	int n = rfbReadExact(cl, buf, 2);
++	if (n <= 0) {
++		if (n == 0)
++			rfbLog("rfbVncAuthVencrypt: client gone\n");
++		else
++			rfbLogPerror("rfbVncAuthVencrypt: read");
++		rfbCloseClient(cl);
++		return;
++	}
++
++	printf("TEST3\n");
++
++	if (buf[0] != 0 || buf[1] != 2) {
++		rfbLog("Unsupported VeNCrypt protocol %d.%d\n",
++		       (int)buf[0], (int)buf[1]);
++		buf[0] = 1; /* Reject version */
++		rfbWriteExact(cl, buf, 1);
++		rfbCloseClient(cl);
++		return;
++	}
++
++	/* Sending allowed auth */
++	printf("TEST4\n");
++
++	buf[0] = 0; /* Accept version */
++	buf[1] = 1; /* number of sub auths */
++	rfbEncodeU32(buf+2, rfbVencryptTlsPlain);
++	if (rfbWriteExact(cl, buf, 6) < 0) {
++		rfbLogPerror("rfbVncAuthVencrypt: write");
++		rfbCloseClient(cl);
++		return;
++	}
++
++	printf("TEST5\n");
++	n = rfbReadExact(cl, buf, 4);
++	if (n <= 0) {
++		if (n == 0)
++			rfbLog("rfbVncAuthVencrypt: client gone\n");
++		else
++			rfbLogPerror("rfbVncAuthVencrypt: read");
++		rfbCloseClient(cl);
++		return;
++	}
++
++	int auth = rfbDecodeU32(buf, 0);
++	printf("TEST6 %d\n", auth);
++	if (auth != rfbVencryptTlsPlain) {
++		buf[0] = 1; /* Reject version */
++		rfbWriteExact(cl, buf, 1);
++		rfbCloseClient(cl);
++		return;
++	}
++
++	printf("TEST7\n");
++	buf[0] = 1; /* Accept auth */
++	if (rfbWriteExact(cl, buf, 1) < 0) {
++		rfbLogPerror("rfbVncAuthVencrypt: write");
++		rfbCloseClient(cl);
++		return;
++	}
++
++	printf("TEST8\n");
++
++
++	tls_client_t *sd = calloc(1, sizeof(tls_client_t));
++	cl->clientData = sd;
++
++	if (sd->session == NULL) {
++		if (gnutls_init(&sd->session, GNUTLS_SERVER) < 0) {
++			fprintf(stderr, "gnutls_init FAILED");
++			exit(-1); //fixme
++		}
++
++		if (gnutls_set_default_priority(sd->session) < 0) {
++			fprintf(stderr, "gnutls_set_default_priority FAILED");
++			exit(-1); //fixme
++		}
++
++		static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
++		if (gnutls_kx_set_priority(sd->session, kx_anon) < 0) {
++			fprintf(stderr, "gnutls_kx_set_priority FAILED");
++			exit(-1); //fixme
++		}
++
++		static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
++		if (gnutls_certificate_type_set_priority(sd->session, cert_type_priority) < 0) {
++			fprintf(stderr, "gnutls_certificate_type_set_priority FAILED");
++			exit(-1); //fixme
++		}
++
++		static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
++		if (gnutls_protocol_set_priority(sd->session, protocol_priority) < 0) {
++			fprintf(stderr, "gnutls_protocol_set_priority FAILED");
++			exit(-1); //fixme
++		}
++
++		gnutls_anon_server_credentials anon_cred;
++
++		if (!(anon_cred = tls_initialize_anon_cred())) {
++			exit(-1); //fixme
++		}
++
++		if (gnutls_credentials_set(sd->session, GNUTLS_CRD_ANON, anon_cred) < 0) {
++			fprintf(stderr, "gnutls_credentials_set FAILED");
++			gnutls_anon_free_server_credentials(anon_cred);
++			exit(-1); //fixme
++		}
++
++		gnutls_transport_set_ptr(sd->session, (gnutls_transport_ptr_t)cl);
++		gnutls_transport_set_push_function(sd->session, vnc_tls_push);
++		gnutls_transport_set_pull_function(sd->session, vnc_tls_pull);
++		printf("TEST 9\n");
++	}
++
++
++retry:
++	printf("TEST 10 %p\n", cl);
++
++	if ((ret = gnutls_handshake(sd->session)) < 0) {
++		if (!gnutls_error_is_fatal(ret)) {
++			usleep(10000);
++			goto retry;
++		}
++		rfbLog("rfbVncAuthVencrypt: handshake failed\n");
++		rfbCloseClient(cl);
++		return;
++	}
++
++	cl->sock_read_fn = &my_tls_read;
++	
++	/* start subauth - read plain password */
++	n = rfbReadExact(cl, buf, 8);
++	if (n <= 0) {
++		if (n == 0)
++			rfbLog("rfbVncAuthVencrypt: client gone\n");
++		else
++			rfbLogPerror("rfbVncAuthVencrypt: read");
++		rfbCloseClient(cl);
++		return;
++	}
++
++	//fixme: read len, lew, id, pw
++
++	printf("TEST end\n");
+ }
+ 
+ static rfbSecurityHandler VncSecurityHandlerVencrypt = {
+@@ -1759,6 +2020,21 @@
+   time_t elapsed, cur_time;
+   struct winsize dimensions;
+ 
++  if (gnutls_global_init () < 0) {
++	  fprintf(stderr, "gnutls_global_init failed\n");
++	  exit(-1);
++  }
++
++  if (gnutls_dh_params_init (&dh_params) < 0) {
++	  fprintf(stderr, "gnutls_dh_params_init failed\n");
++	  exit(-1);
++  }
++
++  if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0) {
++	  fprintf(stderr, "gnutls_dh_params_init failed\n");
++	  exit(-1);
++  }
++
+   for (i = 1; i < argc; i++) {
+     if (!strcmp (argv[i], "-c")) {
+       command = argv[i+1];
+@@ -1784,6 +2060,8 @@
+ 
+ #ifdef DEBUG
+   rfbLogEnable (1);
++  gnutls_global_set_log_level(10);
++  gnutls_global_set_log_function(vnc_debug_gnutls_log);
+ #else
+   rfbLogEnable (0);
+ #endif
+Index: vnc/libvncserver/sockets.c
+===================================================================
+--- vnc.orig/libvncserver/sockets.c	2011-01-20 16:42:41.000000000 +0100
++++ vnc/libvncserver/sockets.c	2011-01-20 16:47:59.000000000 +0100
+@@ -454,8 +454,12 @@
+     fd_set fds;
+     struct timeval tv;
+ 
++
+     while (len > 0) {
+-        n = read(sock, buf, len);
++	    if (cl->sock_read_fn)
++		    n = cl->sock_read_fn(cl, buf, len);
++	    else 
++		    n = read(sock, buf, len);
+ 
+         if (n > 0) {
+ 
+Index: vnc/rfb/rfb.h
+===================================================================
+--- vnc.orig/rfb/rfb.h	2011-01-20 16:36:06.000000000 +0100
++++ vnc/rfb/rfb.h	2011-01-20 16:51:22.000000000 +0100
+@@ -397,6 +397,8 @@
+     struct _rfbStatList *Next;
+ } rfbStatList;
+ 
++typedef ssize_t (*sock_read_fn_t)(struct _rfbClientRec *cl, void *buf, size_t count);
++
+ typedef struct _rfbClientRec {
+   
+     /* back pointer to the screen */
+@@ -417,6 +419,7 @@
+     void* clientData;
+     ClientGoneHookPtr clientGoneHook;
+ 
++    sock_read_fn_t sock_read_fn;
+     SOCKET sock;
+     char *host;
+ 



More information about the pve-devel mailing list