
Accepting request 316948 from home:michalsrb:branches:X11:XOrg

- Updated to tigervnc 1.5.0.
- Dropped no longer needed patches:
  * tigervnc-sf3495623.patch
  * u_syslog.patch
  * u_tigervnc-build-with-xserver-1.17.patch
- Use encryption everywhere. (fate#318936)
- Work with fltk 1.3.2.
  * N_tigervnc_revert_fltk_1_3_3_requirements.patch

OBS-URL: https://build.opensuse.org/request/show/316948
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=58
Michal Srb 2015-07-15 14:13:40 +00:00 committed by Git OBS Bridge
parent 3e10cb5fe2
commit f3919e3250
17 changed files with 1568 additions and 405 deletions


@ -1,8 +1,8 @@
Index: tigervnc-1.4.1/vncviewer/DesktopWindow.cxx Index: tigervnc-1.5.0/vncviewer/DesktopWindow.cxx
=================================================================== ===================================================================
--- tigervnc-1.4.1.orig/vncviewer/DesktopWindow.cxx --- tigervnc-1.5.0.orig/vncviewer/DesktopWindow.cxx
+++ tigervnc-1.4.1/vncviewer/DesktopWindow.cxx +++ tigervnc-1.5.0/vncviewer/DesktopWindow.cxx
@@ -188,6 +188,8 @@ DesktopWindow::~DesktopWindow() @@ -177,6 +177,8 @@ DesktopWindow::~DesktopWindow()
OptionsDialog::removeCallback(handleOptions); OptionsDialog::removeCallback(handleOptions);
@ -11,11 +11,11 @@ Index: tigervnc-1.4.1/vncviewer/DesktopWindow.cxx
// FLTK automatically deletes all child widgets, so we shouldn't touch // FLTK automatically deletes all child widgets, so we shouldn't touch
// them ourselves here // them ourselves here
} }
Index: tigervnc-1.4.1/vncviewer/Viewport.cxx Index: tigervnc-1.5.0/vncviewer/Viewport.cxx
=================================================================== ===================================================================
--- tigervnc-1.4.1.orig/vncviewer/Viewport.cxx --- tigervnc-1.5.0.orig/vncviewer/Viewport.cxx
+++ tigervnc-1.4.1/vncviewer/Viewport.cxx +++ tigervnc-1.5.0/vncviewer/Viewport.cxx
@@ -144,6 +144,11 @@ Viewport::Viewport(int w, int h, const r @@ -139,6 +139,11 @@ Viewport::Viewport(int w, int h, const r
Viewport::~Viewport() Viewport::~Viewport()
{ {
@ -27,23 +27,23 @@ Index: tigervnc-1.4.1/vncviewer/Viewport.cxx
// Unregister all timeouts in case they get a change tro trigger // Unregister all timeouts in case they get a change tro trigger
// again later when this object is already gone. // again later when this object is already gone.
Fl::remove_timeout(handlePointerTimeout, this); Fl::remove_timeout(handlePointerTimeout, this);
Index: tigervnc-1.4.1/vncviewer/vncviewer.cxx Index: tigervnc-1.5.0/vncviewer/vncviewer.cxx
=================================================================== ===================================================================
--- tigervnc-1.4.1.orig/vncviewer/vncviewer.cxx --- tigervnc-1.5.0.orig/vncviewer/vncviewer.cxx
+++ tigervnc-1.4.1/vncviewer/vncviewer.cxx +++ tigervnc-1.5.0/vncviewer/vncviewer.cxx
@@ -88,6 +88,8 @@ char vncServerName[VNCSERVERNAMELEN] = { @@ -107,6 +107,8 @@ static const char *about_text()
static bool exitMainloop = false; return buffer;
static const char *exitError = NULL; }
+static CConn *cc; +static CConn *cc;
+ +
void exit_vncviewer(const char *error) void exit_vncviewer(const char *error)
{ {
// Prioritise the first error we get as that is probably the most // Prioritise the first error we get as that is probably the most
@@ -114,6 +116,16 @@ static void CleanupSignalHandler(int sig @@ -158,6 +160,16 @@ static void CleanupSignalHandler(int sig
// CleanupSignalHandler allows C++ object cleanup to happen because it calls // CleanupSignalHandler allows C++ object cleanup to happen because it calls
// exit() rather than the default which is to abort. // exit() rather than the default which is to abort.
vlog.info(_("CleanupSignalHandler called")); vlog.info(_("Termination signal %d has been received. TigerVNC Viewer will now exit."), sig);
+ delete cc; + delete cc;
+ exit(1); + exit(1);
+} +}
@ -57,7 +57,7 @@ Index: tigervnc-1.4.1/vncviewer/vncviewer.cxx
exit(1); exit(1);
} }
@@ -392,11 +404,19 @@ int main(int argc, char** argv) @@ -460,11 +472,19 @@ int main(int argc, char** argv)
init_fltk(); init_fltk();
@ -77,7 +77,7 @@ Index: tigervnc-1.4.1/vncviewer/vncviewer.cxx
Configuration::enableViewerParams(); Configuration::enableViewerParams();
/* Load the default parameter settings */ /* Load the default parameter settings */
@@ -497,7 +517,7 @@ int main(int argc, char** argv) @@ -577,7 +597,7 @@ int main(int argc, char** argv)
#endif #endif
} }


@ -1,8 +1,8 @@
Index: tigervnc-1.4.1/vncviewer/CConn.cxx Index: tigervnc-1.5.0/vncviewer/CConn.cxx
=================================================================== ===================================================================
--- tigervnc-1.4.1.orig/vncviewer/CConn.cxx --- tigervnc-1.5.0.orig/vncviewer/CConn.cxx
+++ tigervnc-1.4.1/vncviewer/CConn.cxx +++ tigervnc-1.5.0/vncviewer/CConn.cxx
@@ -424,6 +424,8 @@ void CConn::dataRect(const Rect& r, int @@ -427,6 +427,8 @@ void CConn::dataRect(const Rect& r, int
if (encoding != encodingCopyRect) if (encoding != encodingCopyRect)
lastServerEncoding = encoding; lastServerEncoding = encoding;
@ -10,4 +10,4 @@ Index: tigervnc-1.4.1/vncviewer/CConn.cxx
+ setDesktopSize( r.width(), r.height() ); + setDesktopSize( r.width(), r.height() );
if (!Decoder::supported(encoding)) { if (!Decoder::supported(encoding)) {
vlog.error(_("Unknown rect encoding %d"), encoding); // TRANSLATORS: Refers to a VNC protocol encoding type


@ -1,23 +0,0 @@
diff -ur tigervnc-1.3.0.orig/common/network/TcpSocket.cxx tigervnc-1.3.0/common/network/TcpSocket.cxx
--- tigervnc-1.3.0.orig/common/network/TcpSocket.cxx 2014-02-07 16:35:24.644388330 +0200
+++ tigervnc-1.3.0/common/network/TcpSocket.cxx 2014-02-07 16:39:50.608078320 +0200
@@ -31,6 +31,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
+#include <limits.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
@@ -450,7 +451,10 @@
}
void TcpListener::getMyAddresses(std::list<char*>* result) {
- const hostent* addrs = gethostbyname(0);
+ char hostname[HOST_NAME_MAX];
+ if (gethostname(hostname, HOST_NAME_MAX) < 0)
+ throw rdr::SystemException("gethostname", errorNumber);
+ const hostent* addrs = gethostbyname(hostname);
if (addrs == 0)
throw rdr::SystemException("gethostbyname", errorNumber);
if (addrs->h_addrtype != AF_INET)


@ -1,3 +1,15 @@
-------------------------------------------------------------------
Wed Jul 15 11:52:02 UTC 2015 - msrb@suse.com
- Updated to tigervnc 1.5.0.
- Dropped no longer needed patches:
* tigervnc-sf3495623.patch
* u_syslog.patch
* u_tigervnc-build-with-xserver-1.17.patch
- Use encryption everywhere. (fate#318936)
- Work with fltk 1.3.2.
* N_tigervnc_revert_fltk_1_3_3_requirements.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 20 12:10:10 UTC 2015 - msrb@suse.com Mon Apr 20 12:10:10 UTC 2015 - msrb@suse.com


@ -16,8 +16,14 @@
# #
%define vncgroup vnc
%define vncuser vnc
%define tlskey %{_sysconfdir}/vnc/tls.key
%define tlscert %{_sysconfdir}/vnc/tls.cert
Name: tigervnc Name: tigervnc
Version: 1.4.3 Version: 1.5.0
Release: 0 Release: 0
Provides: tightvnc = 1.3.9 Provides: tightvnc = 1.3.9
Obsoletes: tightvnc < 1.3.9 Obsoletes: tightvnc < 1.3.9
@ -92,7 +98,6 @@ Summary: A high-performance, platform-neutral implementation of VNC
License: GPL-2.0 and MIT License: GPL-2.0 and MIT
Group: System/X11/Servers/XF86_4 Group: System/X11/Servers/XF86_4
Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz
Source2: index.vnc
Source3: vnc.xinetd Source3: vnc.xinetd
Source4: 10-libvnc.conf Source4: 10-libvnc.conf
Source5: vnc-server.firewall Source5: vnc-server.firewall
@ -102,18 +107,15 @@ Source8: vnc.reg
Source9: vncpasswd.arg Source9: vncpasswd.arg
Patch1: tigervnc-newfbsize.patch Patch1: tigervnc-newfbsize.patch
Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch
Patch3: tigervnc-sf3495623.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch
Patch4: u_tigervnc-dont-send-ascii-control-characters.patch Patch4: n_tigervnc-date-time.patch
Patch5: u_tigervnc-ignore-epipe-on-write.patch Patch5: U_include-vencrypt-only-if-any-subtype-present.patch
Patch6: n_tigervnc-date-time.patch Patch6: u_tigervnc-use_preferred_mode.patch
Patch7: U_include-vencrypt-only-if-any-subtype-present.patch Patch7: u_tigervnc-cve-2014-8240.patch
Patch8: u_tigervnc-use_preferred_mode.patch Patch8: u_tigervnc-use-default-trust-manager-in-java-viewer-if-custom.patch
Patch9: u_tigervnc-cve-2014-8240.patch Patch9: u_tigervnc-display-SHA-1-fingerprint-of-untrusted-certificate.patch
Patch10: u_tigervnc-build-with-xserver-1.17.patch Patch10: u_tigervnc-add-autoaccept-parameter.patch
Patch11: u_terminate_instead_of_ignoring_restart.patch Patch11: N_tigervnc_revert_fltk_1_3_3_requirements.patch
# Require and build against gnutls 3.x
Patch12: tigervnc-gnutls-3.4-required.patch
Patch13: u_syslog.patch
%description %description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@ -123,6 +125,11 @@ it attempts to maintain a common look and feel and re-use components, where poss
TigerVNC also provides extensions for advanced authentication methods and TLS encryption. TigerVNC also provides extensions for advanced authentication methods and TLS encryption.
%package -n xorg-x11-Xvnc %package -n xorg-x11-Xvnc
# Needed to generate certificates
Requires(post): openssl
# Needed to serve java applet
Requires: python
Requires: python-pyOpenSSL
Requires: xinetd Requires: xinetd
Requires: xkeyboard-config Requires: xkeyboard-config
Summary: TigerVNC implementation of Xvnc Summary: TigerVNC implementation of Xvnc
@ -137,20 +144,18 @@ cp -r /usr/src/xserver/* unix/xserver/
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p0
%patch4 -p0 %patch4 -p1
%patch5 -p0 %patch5 -p0
%patch6 -p1 %patch6 -p0
%patch7 -p0 %patch7 -p1
%patch8 -p0 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
%patch13 -p1
pushd unix/xserver pushd unix/xserver
patch -p1 < ../xserver116.patch patch -p1 < ../xserver117.patch
popd popd
%build %build
@ -203,7 +208,6 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes
popd popd
install -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/vnc/classes
install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc
%ifnarch s390x %ifnarch s390x
install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf
@ -218,22 +222,40 @@ ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncview
ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz
%endif %endif
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc
rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-* rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-*
%find_lang '%{name}' %find_lang '%{name}'
%if 0%{?suse_version} >= 1315 %pre -n xorg-x11-Xvnc
getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup}
getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser}
%post -n xorg-x11-Xvnc
if ! test -e %{tlskey} ; then
(umask 077 && openssl genrsa -out %{tlskey} 2048)
chown %{vncuser}:%{vncgroup} %{tlskey}
fi
if ! test -e %{tlscert} ; then
cn="Automatically generated certificate for the VNC service"
openssl req -new -x509 -extensions usr_cert \
-key %{tlskey} -out %{tlscert} -days 7305 -subj "/CN=$cn/"
chown %{vncuser}:%{vncgroup} %{tlscert}
fi
%post %post
%if 0%{?suse_version} >= 1315
%_sbindir/update-alternatives \ %_sbindir/update-alternatives \
--install %{_bindir}/vncviewer vncviewer %{_bindir}/vncviewer-tigervnc 20 \ --install %{_bindir}/vncviewer vncviewer %{_bindir}/vncviewer-tigervnc 20 \
--slave %{_mandir}/man1/vncviewer.1.gz vncviewer.1.gz %{_mandir}/man1/vncviewer-tigervnc.1.gz --slave %{_mandir}/man1/vncviewer.1.gz vncviewer.1.gz %{_mandir}/man1/vncviewer-tigervnc.1.gz
%endif
%postun %postun
%if 0%{?suse_version} >= 1315
if [ "$1" = 0 ] ; then if [ "$1" = 0 ] ; then
"%_sbindir/update-alternatives" --remove vncviewer /usr/bin/vncviewer-tigervnc "%_sbindir/update-alternatives" --remove vncviewer /usr/bin/vncviewer-tigervnc
fi fi
%endif %endif
%files -f %{name}.lang %files -f %{name}.lang
@ -298,4 +320,8 @@ fi
%doc java/com/tigervnc/vncviewer/README %doc java/com/tigervnc/vncviewer/README
%{_datadir}/vnc %{_datadir}/vnc
%dir %{_sysconfdir}/vnc
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
%changelog %changelog
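Review bot: The `%post -n xorg-x11-Xvnc` scriptlet tests the key and the certificate independently, so a system where `%{tlskey}` is missing but `%{tlscert}` still exists gets a fresh key next to a certificate issued for the old one, and the pair no longer matches. Regenerating the certificate whenever the key was just created avoids that, for example by adding `rm -f %{tlscert}` inside the first branch after the `openssl genrsa` call. The `%files` entries pass `%{vncuser}` as the group in `%attr(0600,%{vncuser},%{vncuser})`; `%attr(0600,%{vncuser},%{vncgroup})` would match the `chown %{vncuser}:%{vncgroup}` used in the scriptlet and keep working if the two names ever diverge. The certificate is self-signed with a fixed CN and `-days 7305`, so a client can authenticate the server only by pinning its fingerprint; a comment above the `openssl req` call stating that would help whoever later replaces it with a CA-issued certificate.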


@ -1,196 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Syslog logging
Patch-Mainline: To be upstreamed
Index: tigervnc-1.4.1/common/rfb/CMakeLists.txt
===================================================================
--- tigervnc-1.4.1.orig/common/rfb/CMakeLists.txt
+++ tigervnc-1.4.1/common/rfb/CMakeLists.txt
@@ -29,6 +29,7 @@ set(RFB_SOURCES
Logger.cxx
Logger_file.cxx
Logger_stdio.cxx
+ Logger_syslog.cxx
Password.cxx
PixelBuffer.cxx
PixelFormat.cxx
Index: tigervnc-1.4.1/common/rfb/LogWriter.h
===================================================================
--- tigervnc-1.4.1.orig/common/rfb/LogWriter.h
+++ tigervnc-1.4.1/common/rfb/LogWriter.h
@@ -68,10 +68,15 @@ namespace rfb {
}
}
- DEF_LOGFUNCTION(error, 0)
- DEF_LOGFUNCTION(status, 10)
- DEF_LOGFUNCTION(info, 30)
- DEF_LOGFUNCTION(debug, 100)
+ static const int LEVEL_ERROR = 0;
+ static const int LEVEL_STATUS = 10;
+ static const int LEVEL_INFO = 30;
+ static const int LEVEL_DEBUG = 100;
+
+ DEF_LOGFUNCTION(error, LEVEL_ERROR)
+ DEF_LOGFUNCTION(status, LEVEL_STATUS)
+ DEF_LOGFUNCTION(info, LEVEL_INFO)
+ DEF_LOGFUNCTION(debug, LEVEL_DEBUG)
// -=- DIAGNOSTIC & HELPER ROUTINES
Index: tigervnc-1.4.1/common/rfb/Logger_syslog.cxx
===================================================================
--- /dev/null
+++ tigervnc-1.4.1/common/rfb/Logger_syslog.cxx
@@ -0,0 +1,65 @@
+/* Copyright (C) 2015 TigerVNC
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+// -=- Logger_syslog.cxx - Logger instance for a syslog
+
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+
+#include <rfb/util.h>
+#include <rfb/Logger_syslog.h>
+#include <rfb/LogWriter.h>
+#include <rfb/Threading.h>
+
+using namespace rfb;
+
+
+Logger_Syslog::Logger_Syslog(const char* loggerName)
+ : Logger(loggerName)
+{
+ openlog("Xvnc", LOG_CONS | LOG_PID, LOG_USER);
+}
+
+Logger_Syslog::~Logger_Syslog()
+{
+ closelog();
+}
+
+void Logger_Syslog::write(int level, const char *logname, const char *message)
+{
+ // Convert our priority level into syslog level
+ int priority;
+ if (level >= LogWriter::LEVEL_DEBUG) {
+ priority = LOG_DEBUG;
+ } else if (level >= LogWriter::LEVEL_INFO) {
+ priority = LOG_INFO;
+ } else if (level >= LogWriter::LEVEL_STATUS) {
+ priority = LOG_NOTICE;
+ } else {
+ priority = LOG_ERR;
+ }
+
+ syslog(priority, "%s: %s", logname, message);
+}
+
+static Logger_Syslog logger("syslog");
+
+void rfb::initSyslogLogger() {
+ logger.registerLogger();
+}
Index: tigervnc-1.4.1/common/rfb/Logger_syslog.h
===================================================================
--- /dev/null
+++ tigervnc-1.4.1/common/rfb/Logger_syslog.h
@@ -0,0 +1,40 @@
+/* Copyright (C) 2015 TigerVNC
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+// -=- Logger_syslog - log to syslog
+
+#ifndef __RFB_LOGGER_SYSLOG_H__
+#define __RFB_LOGGER_SYSLOG_H__
+
+#include <time.h>
+#include <rfb/Logger.h>
+
+namespace rfb {
+
+ class Logger_Syslog : public Logger {
+ public:
+ Logger_Syslog(const char* loggerName);
+ virtual ~Logger_Syslog();
+
+ virtual void write(int level, const char *logname, const char *message);
+ };
+
+ void initSyslogLogger();
+};
+
+#endif
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/Xvnc.man
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/Xvnc.man
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/Xvnc.man
@@ -274,11 +274,11 @@ stop non-SSH connections from any other
.
.TP
.B \-Log \fIlogname\fP:\fIdest\fP:\fIlevel\fP
-Configures the debug log settings. \fIdest\fP can currently be \fBstderr\fP or
-\fBstdout\fP, and \fIlevel\fP is between 0 and 100, 100 meaning most verbose
-output. \fIlogname\fP is usually \fB*\fP meaning all, but you can target a
-specific source file if you know the name of its "LogWriter". Default is
-\fB*:stderr:30\fP.
+Configures the debug log settings. \fIdest\fP can currently be \fBstderr\fP,
+\fBstdout\fP or \fBsyslog\fP, and \fIlevel\fP is between 0 and 100, 100 meaning
+most verbose output. \fIlogname\fP is usually \fB*\fP meaning all, but you can
+target a specific source file if you know the name of its "LogWriter". Default
+is \fB*:stderr:30\fP.
.
.TP
.B \-RemapKeys \fImapping
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/xvnc.cc
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
@@ -34,6 +34,7 @@ from the X Consortium.
#include <rfb/Configuration.h>
#include <rfb/Logger_stdio.h>
+#include <rfb/Logger_syslog.h>
#include <rfb/LogWriter.h>
#include <network/TcpSocket.h>
#include "vncExtInit.h"
@@ -376,6 +377,7 @@ ddxProcessArgument(int argc, char *argv[
vfbInitializePixmapDepths();
firstTime = FALSE;
rfb::initStdIOLoggers();
+ rfb::initSyslogLogger();
rfb::LogWriter::setLogParams("*:stderr:30");
rfb::Configuration::enableServerParams();
}


@ -0,0 +1,116 @@
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6014502..9b886b5 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
public static StringParameter x509crl
= new StringParameter("x509crl",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static StringParameter x509autoaccept
+ = new StringParameter("x509autoaccept",
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
private void initGlobal()
{
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
setDefaults();
cafile = x509ca.getData();
crlfile = x509crl.getData();
+ certautoaccept = x509autoaccept.getData();
}
public static String getDefaultCA() {
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
try {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
- Object[] answer = {"Proceed", "Exit"};
-
- StringBuilder message = new StringBuilder();
- message.append(e.getCause().getLocalizedMessage());
- message.append("\nContinue connecting to this host?");
+ String fingerprint = null;
try {
+ StringBuilder fingerprintBuilder = new StringBuilder();
+
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
sha1.update(chain[0].getEncoded());
- message.append("\nSHA-1 fingerprint: ");
-
for(byte B : sha1.digest()) {
- message.append(Integer.toHexString(0xff & B));
- message.append(':');
+ fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
+ fingerprintBuilder.append(':');
}
- message.deleteCharAt(message.length() - 1);
+ fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
+
+ fingerprint = fingerprintBuilder.toString();
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
// No fingerprint then...
}
- int ret = JOptionPane.showOptionDialog(null,
- message.toString(),
- "Confirm certificate exception?",
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
- null, answer, answer[0]);
- if (ret == JOptionPane.NO_OPTION)
- System.exit(1);
+ if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
+ Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+ if(fingerprint != null) {
+ message.append("\nSHA-1 fingerprint: ");
+ message.append(fingerprint);
+ message.append("\nBle: ");
+ message.append(certautoaccept);
+ }
+
+ int ret = JOptionPane.showOptionDialog(null,
+ message.toString(),
+ "Confirm certificate exception?",
+ JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
+ null, answer, answer[0]);
+ if (ret == JOptionPane.NO_OPTION)
+ System.exit(1);
+ }
} catch (java.lang.Exception e) {
throw new Exception(e.toString());
}
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
private SSLEngineManager manager;
private boolean anon;
- private String cafile, crlfile;
+ private String cafile, crlfile, certautoaccept;
private FdInStream is;
private FdOutStream os;
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
index cc21c2e..6786636 100644
--- a/java/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
parent.setFocusTraversalKeysEnabled(false);
setLookAndFeel();
setBackground(Color.white);
+
+ SecurityClient.setDefaults();
}
private void getTimestamp() {
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
if (embed.getValue() && nViewers == 0) {
alwaysShowServerDialog.setParam(false);
Configuration.global().readAppletParams(this);
+ Configuration.viewer().readAppletParams(this);
fullScreen.setParam(false);
scalingFactor.setParam("100");
String host = getCodeBase().getHost();
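Review bot: The certificate prompt in the `CertificateException` handler still carries a debugging leftover, `message.append("\nBle: "); message.append(certautoaccept);`, which shows the configured auto-accept value to the user under a meaningless label; both lines should be dropped or given a real label such as `"\nExpected fingerprint: "`. With `Configuration.viewer().readAppletParams(this)` added in VncViewer.java, `x509autoaccept` can apparently be set from applet parameters, so the page that embeds the applet decides which untrusted certificate is accepted without a prompt; that is only as trustworthy as the channel the page was delivered over, and the parameter deserves a comment saying so. The pinned value is a SHA-1 digest; SHA-256 would be the more conservative choice for a value that replaces user confirmation. The same patch text appears again in the next file section and the note applies there as well. The handler's enclosing method starts outside the hunk.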


@ -0,0 +1,116 @@
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6014502..9b886b5 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
public static StringParameter x509crl
= new StringParameter("x509crl",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static StringParameter x509autoaccept
+ = new StringParameter("x509autoaccept",
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
private void initGlobal()
{
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
setDefaults();
cafile = x509ca.getData();
crlfile = x509crl.getData();
+ certautoaccept = x509autoaccept.getData();
}
public static String getDefaultCA() {
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
try {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
- Object[] answer = {"Proceed", "Exit"};
-
- StringBuilder message = new StringBuilder();
- message.append(e.getCause().getLocalizedMessage());
- message.append("\nContinue connecting to this host?");
+ String fingerprint = null;
try {
+ StringBuilder fingerprintBuilder = new StringBuilder();
+
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
sha1.update(chain[0].getEncoded());
- message.append("\nSHA-1 fingerprint: ");
-
for(byte B : sha1.digest()) {
- message.append(Integer.toHexString(0xff & B));
- message.append(':');
+ fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
+ fingerprintBuilder.append(':');
}
- message.deleteCharAt(message.length() - 1);
+ fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
+
+ fingerprint = fingerprintBuilder.toString();
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
// No fingerprint then...
}
- int ret = JOptionPane.showOptionDialog(null,
- message.toString(),
- "Confirm certificate exception?",
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
- null, answer, answer[0]);
- if (ret == JOptionPane.NO_OPTION)
- System.exit(1);
+ if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
+ Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+ if(fingerprint != null) {
+ message.append("\nSHA-1 fingerprint: ");
+ message.append(fingerprint);
+ message.append("\nBle: ");
+ message.append(certautoaccept);
+ }
+
+ int ret = JOptionPane.showOptionDialog(null,
+ message.toString(),
+ "Confirm certificate exception?",
+ JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
+ null, answer, answer[0]);
+ if (ret == JOptionPane.NO_OPTION)
+ System.exit(1);
+ }
} catch (java.lang.Exception e) {
throw new Exception(e.toString());
}
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
private SSLEngineManager manager;
private boolean anon;
- private String cafile, crlfile;
+ private String cafile, crlfile, certautoaccept;
private FdInStream is;
private FdOutStream os;
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
index cc21c2e..6786636 100644
--- a/java/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
parent.setFocusTraversalKeysEnabled(false);
setLookAndFeel();
setBackground(Color.white);
+
+ SecurityClient.setDefaults();
}
private void getTimestamp() {
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
if (embed.getValue() && nViewers == 0) {
alwaysShowServerDialog.setParam(false);
Configuration.global().readAppletParams(this);
+ Configuration.viewer().readAppletParams(this);
fullScreen.setParam(false);
scalingFactor.setParam("100");
String host = getCodeBase().getHost();


@ -1,52 +0,0 @@
Author: Michal Srb <msrb@suse.com>
Subject: Build with xserver 1.17.x.
Do not use removed xalloc&xfree.
Add 1.17.x to supported list.
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/xorg-version.h
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/xorg-version.h
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/xorg-version.h
@@ -48,8 +48,10 @@
#define XORG 115
#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (16 * 100000) + (99 * 1000))
#define XORG 116
+#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (17 * 100000) + (99 * 1000))
+#define XORG 117
#else
-#error "X.Org newer than 1.16 is not supported"
+#error "X.Org newer than 1.17 is not supported"
#endif
#endif
Index: tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
===================================================================
--- tigervnc-1.4.1.orig/unix/xserver/hw/vnc/xvnc.cc
+++ tigervnc-1.4.1/unix/xserver/hw/vnc/xvnc.cc
@@ -717,9 +717,9 @@ vfbInstallColormap(ColormapPtr pmap)
entries = pmap->pVisual->ColormapEntries;
pVisual = pmap->pVisual;
- ppix = (Pixel *)xalloc(entries * sizeof(Pixel));
- prgb = (xrgb *)xalloc(entries * sizeof(xrgb));
- defs = (xColorItem *)xalloc(entries * sizeof(xColorItem));
+ ppix = (Pixel *)malloc(entries * sizeof(Pixel));
+ prgb = (xrgb *)malloc(entries * sizeof(xrgb));
+ defs = (xColorItem *)malloc(entries * sizeof(xColorItem));
for (i = 0; i < entries; i++) ppix[i] = i;
/* XXX truecolor */
@@ -738,9 +738,9 @@ vfbInstallColormap(ColormapPtr pmap)
}
(*pmap->pScreen->StoreColors)(pmap, entries, defs);
- xfree(ppix);
- xfree(prgb);
- xfree(defs);
+ free(ppix);
+ free(prgb);
+ free(defs);
}
}


@ -0,0 +1,48 @@
From af09e89d54b57649cf60363d03f84d129baecd27 Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:38:18 +0300
Subject: [PATCH 2/2] Display SHA-1 fingerprint of untrusted certificate in
java client.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 7633f08..6014502 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -248,9 +248,28 @@ public class CSecurityTLS extends CSecurity {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+
+ try {
+ MessageDigest sha1 = MessageDigest.getInstance("SHA1");
+ sha1.update(chain[0].getEncoded());
+
+ message.append("\nSHA-1 fingerprint: ");
+
+ for(byte B : sha1.digest()) {
+ message.append(Integer.toHexString(0xff & B));
+ message.append(':');
+ }
+ message.deleteCharAt(message.length() - 1);
+ } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
+ // No fingerprint then...
+ }
+
int ret = JOptionPane.showOptionDialog(null,
- e.getCause().getLocalizedMessage()+"\n"+
- "Continue connecting to this host?",
+ message.toString(),
"Confirm certificate exception?",
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
null, answer, answer[0]);
--
2.1.4
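Review bot: `message.append(e.getCause().getLocalizedMessage());` dereferences the exception's cause without checking it, so a `CertificateException` raised without a cause would replace the confirmation prompt with a `NullPointerException` thrown from inside the catch block. Falling back to the exception itself keeps the prompt working: `Throwable why = e.getCause() != null ? e.getCause() : e;` followed by `message.append(why.getLocalizedMessage());`. The `catch (NoSuchAlgorithmException ...)` branch silently omits the fingerprint; a `vlog.error(...)` call there would explain why the line is missing from the dialog. The enclosing method begins and ends outside the hunk.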


@ -0,0 +1,60 @@
From d6d847633660abb99764192f73da7be5adf3da9c Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Tue, 7 Jul 2015 02:09:21 +0300
Subject: [PATCH 1/2] Use default trust manager in java viewer if custom CA is
not specified.
---
java/com/tigervnc/rfb/CSecurityTLS.java | 34 +++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6f799bb..7633f08 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -207,24 +207,26 @@ public class CSecurityTLS extends CSecurity {
try {
ks.load(null, null);
File cacert = new File(cafile);
- if (!cacert.exists() || !cacert.canRead())
- return;
- InputStream caStream = new FileInputStream(cafile);
- X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
- ks.setCertificateEntry("CA", ca);
- PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
- File crlcert = new File(crlfile);
- if (!crlcert.exists() || !crlcert.canRead()) {
- params.setRevocationEnabled(false);
+ if (!cacert.exists() || !cacert.canRead()) {
+ tmf.init((KeyStore)null); // Use default trust manager
} else {
- InputStream crlStream = new FileInputStream(crlfile);
- Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
- CertStoreParameters csp = new CollectionCertStoreParameters(crls);
- CertStore store = CertStore.getInstance("Collection", csp);
- params.addCertStore(store);
- params.setRevocationEnabled(true);
+ InputStream caStream = new FileInputStream(cafile);
+ X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
+ ks.setCertificateEntry("CA", ca);
+ PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
+ File crlcert = new File(crlfile);
+ if (!crlcert.exists() || !crlcert.canRead()) {
+ params.setRevocationEnabled(false);
+ } else {
+ InputStream crlStream = new FileInputStream(crlfile);
+ Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
+ CertStoreParameters csp = new CollectionCertStoreParameters(crls);
+ CertStore store = CertStore.getInstance("Collection", csp);
+ params.addCertStore(store);
+ params.setRevocationEnabled(true);
+ }
+ tmf.init(new CertPathTrustManagerParameters(params));
}
- tmf.init(new CertPathTrustManagerParameters(params));
} catch (java.io.FileNotFoundException e) {
vlog.error(e.toString());
} catch (java.io.IOException e) {
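Review bot: The new branch `if (!cacert.exists() || !cacert.canRead())` falls back to the default trust store whenever the CA file is missing or unreadable, not only when no custom CA was specified as the subject line says. If `cafile` can hold a user-supplied path (it is set outside this hunk), a typo or a permissions problem silently widens trust from one pinned CA to every CA in the JRE store. At minimum the fallback should be logged, for example `vlog.error("CA file " + cafile + " not readable, using default trust store");`, and ideally an explicitly configured but unreadable file would abort the connection. Separately, `caStream` and `crlStream` are never closed in the lines shown.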
--
2.1.4


@ -6,22 +6,21 @@ References: bnc#896540
If there is any resolution specified with -geometry or -screen parameters, If there is any resolution specified with -geometry or -screen parameters,
report this resolution as preferred one. That way desktop environments won't report this resolution as preferred one. That way desktop environments won't
change it immediately after start. change it immediately after start.
Index: unix/xserver/hw/vnc/xvnc.cc Index: unix/xserver/hw/vnc/xvnc.c
=================================================================== ===================================================================
--- unix/xserver/hw/vnc/xvnc.cc (revision 5186) --- unix/xserver/hw/vnc/xvnc.c.orig
+++ unix/xserver/hw/vnc/xvnc.cc (working copy) +++ unix/xserver/hw/vnc/xvnc.c
@@ -1319,12 +1319,22 @@ @@ -1296,12 +1296,24 @@ static RRCrtcPtr vncRandRCrtcCreate(Scre
/* Make sure the CRTC has this output set */
vncRandRCrtcSet(pScreen, crtc, NULL, 0, 0, RR_Rotate_0, 1, &output); vncRandRCrtcSet(pScreen, crtc, NULL, 0, 0, RR_Rotate_0, 1, &output);
- /* Populate a list of default modes */ /* Populate a list of default modes */
- RRModePtr modes[sizeof(vncRandRWidths)/sizeof(*vncRandRWidths)]; - modes = malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths));
- int num_modes; + modes = malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1);
+ /* Populate a list of modes */ if (modes == NULL)
+ RRModePtr modes[sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1]; return NULL;
+ int num_modes = 0;
- num_modes = 0; num_modes = 0;
+
+ /* Start with requested mode */ + /* Start with requested mode */
+ mode = vncRandRModeGet(pScreen->width, pScreen->height); + mode = vncRandRModeGet(pScreen->width, pScreen->height);
+ if(mode != NULL) { + if(mode != NULL) {
@ -30,19 +29,19 @@ Index: unix/xserver/hw/vnc/xvnc.cc
+ } + }
+ +
+ /* Add default modes */ + /* Add default modes */
for (int i = 0;i < sizeof(vncRandRWidths)/sizeof(*vncRandRWidths);i++) { for (i = 0;i < sizeof(vncRandRWidths)/sizeof(*vncRandRWidths);i++) {
+ if (vncRandRWidths[i] == pScreen->width && vncRandRHeights[i] == pScreen->height) + if (vncRandRWidths[i] == pScreen->width && vncRandRHeights[i] == pScreen->height)
+ continue; + continue;
+ +
mode = vncRandRModeGet(vncRandRWidths[i], vncRandRHeights[i]); mode = vncRandRModeGet(vncRandRWidths[i], vncRandRHeights[i]);
if (mode != NULL) { if (mode != NULL) {
modes[num_modes] = mode; modes[num_modes] = mode;
@@ -1332,7 +1342,7 @@ @@ -1309,7 +1321,7 @@ static RRCrtcPtr vncRandRCrtcCreate(Scre
} }
} }
- RROutputSetModes(output, modes, num_modes, 0); - RROutputSetModes(output, modes, num_modes, 0);
+ RROutputSetModes(output, modes, num_modes, 1); + RROutputSetModes(output, modes, num_modes, 1);
return crtc; free(modes);
}
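Review bot: The new allocation `malloc(sizeof(RRModePtr)*sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1)` adds one byte, not one array slot, so `modes` is still sized for the default list only. When the requested resolution is not among the defaults and every default mode is created, the list holds one entry more than that, and the last `modes[num_modes] = mode` store writes past the end of the heap buffer. The size should be `sizeof(RRModePtr) * (sizeof(vncRandRWidths)/sizeof(*vncRandRWidths) + 1)`. The lines that store the requested mode fall between the two displayed hunks, so this assumes they append to `modes` the same way the loop does.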


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0b2603db2b32dfd6e48f6f59618bd9819d187bfbb0c16218637d074a69756824
size 1372873

3
v1.5.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7b0ec1a85d708f72fee17326bd1f894b9132df089226561306f4c2ef19d7df25
size 1268682


@ -8,9 +8,9 @@ service vnc1
socket_type = stream socket_type = stream
protocol = tcp protocol = tcp
wait = no wait = no
user = nobody user = vnc
server = /usr/bin/Xvnc server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes none -log *:syslog:30 server_args = -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes disable = yes
} }
# default: off # default: off
@ -23,9 +23,9 @@ service vnc2
socket_type = stream socket_type = stream
protocol = tcp protocol = tcp
wait = no wait = no
user = nobody user = vnc
server = /usr/bin/Xvnc server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes none -log *:syslog:30 server_args = -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes disable = yes
} }
# default: off # default: off
@ -38,9 +38,9 @@ service vnc3
socket_type = stream socket_type = stream
protocol = tcp protocol = tcp
wait = no wait = no
user = nobody user = vnc
server = /usr/bin/Xvnc server = /usr/bin/Xvnc
server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes none -log *:syslog:30 server_args = -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30
disable = yes disable = yes
} }
# default: off # default: off
@ -53,7 +53,7 @@ service vnchttpd1
socket_type = stream socket_type = stream
protocol = tcp protocol = tcp
wait = no wait = no
user = nobody user = vnc
server = /usr/bin/vnc_inetd_httpd server = /usr/bin/vnc_inetd_httpd
server_args = 1024 768 5901 server_args = 1024 768 5901
disable = yes disable = yes
@ -68,7 +68,7 @@ service vnchttpd2
socket_type = stream socket_type = stream
protocol = tcp protocol = tcp
wait = no wait = no
user = nobody user = vnc
server = /usr/bin/vnc_inetd_httpd server = /usr/bin/vnc_inetd_httpd
server_args = 1280 1024 5902 server_args = 1280 1024 5902
disable = yes disable = yes
@ -83,7 +83,7 @@ service vnchttpd3
socket_type = stream socket_type = stream
protocol = tcp protocol = tcp
wait = no wait = no
user = nobody user = vnc
server = /usr/bin/vnc_inetd_httpd server = /usr/bin/vnc_inetd_httpd
server_args = 1600 1200 5903 server_args = 1600 1200 5903
disable = yes disable = yes
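Review bot: The `-securitytypes X509None,None` list on the vnc1, vnc2 and vnc3 services still offers the unencrypted `None` type. A viewer that does not ask for TLS, or one whose negotiation is altered in transit, ends up on a plaintext session. If the goal is encryption everywhere, as the commit description says, the argument would be `-securitytypes X509None`. If `None` is kept for older viewers, a `#` comment above `server_args` should say so. The key at `/etc/vnc/tls.key` must also be readable by the new `vnc` user and by no other unprivileged account; the packaging that creates it is not visible in this section.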


@ -1,62 +1,114 @@
#!/bin/bash #!/usr/bin/env python
read request url httptype || exit 0
url="${url/ /}"
httptype="${httptype/ /}"
width=$1 # This is simple stupid WWW server intended to serve VNC java applet.
height=$2 # It is made to be called by xinetd.
port=$3 # It handles both HTTP and HTTPS on the same port. If HTTPS is allowed, any HTTP requests is responded with redirect to HTTPS.
if [ "x$httptype" != "x" ]; then import re
line="x" import sys
while [ -n "$line" ]; do import socket
read line || exit 0 import time
line="${line/ /}"
done
fi
case "$url" in
/)
# We need the size of the display for the current applet.
# The VNC menubar is 20 pixels high ...
height=$((height+20))
ctype="text/html"
content="
<HTML><HEAD><TITLE>Remote Desktop</TITLE></HEAD>
<BODY>
<APPLET CODE=\"com.tigervnc.vncviewer.VncViewer\" ARCHIVE=\"VncViewer.jar\" WIDTH=\"$width\" HEIGHT=\"$height\">
<PARAM name=\"Port\" value=\"$port\">
<param name=\"Embed\" value=\"true\">
<param name=\"AlwaysShowServerDialog\" value=\"false\">
</APPLET>
</BODY></HTML>"
;;
*.jar|*.class)
# Use basename to make sure we have just a filename, not ../../...
url=${url/.*\/}
ctype="application/octet-stream"
cfile="/usr/share/vnc/classes/$url"
content="FILE"
;;
esac
if [ "x$httptype" != "x" ]; then from OpenSSL import SSL, crypto
echo "HTTP/1.0 200 OK"
echo "Content-Type: $ctype"
if [ "$content" == "FILE" ]; then
clen=`wc -c "$cfile"`
else
clen=`echo "$content"|wc -c`
fi
echo "Content-Length: $clen"
echo "Connection: close"
echo
fi
if [ "$request" == "GET" ]; then TLS_KEY = "/etc/vnc/tls.key"
if [ "$content" == "FILE" ]; then TLS_CERT = "/etc/vnc/tls.cert"
cat "$cfile" JAR_FILE = "/usr/share/vnc/classes/VncViewer.jar"
else TIMEOUT = 10
echo "$content"
fi WIDTH = int(sys.argv[1])
fi HEIGHT = int(sys.argv[2])
exit 0 VNC_PORT = int(sys.argv[3])
USE_HTTPS = not (len(sys.argv) >= 5 and sys.argv[4] == "NoHTTPS")
# Take the stdin as our input socket (given from xinetd)
conn = sock = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM)
# If we are supposed to use HTTPS, load certificate and replace conn with SSL connection.
if USE_HTTPS:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(TLS_CERT, 'r').read())
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file(TLS_KEY)
context.use_certificate(cert)
conn = SSL.Connection(context, sock)
conn.set_accept_state()
# Send normal response
def send_response(connection, ctype, response):
connection.sendall(
"HTTP/1.0 200 OK\n" +
"Content-Type: " + ctype + "\n" +
"Content-Length: " + str(len(response)) + "\n" +
"Connection: close\n" +
"\n" +
response
)
# Send redirect
def send_redirect(connection, ctype, response, location):
connection.sendall(
"HTTP/1.0 301 Moved Permanently\n" +
"Location: " + location + "\n" +
"Content-Type: " + ctype + "\n" +
"Content-Length: " + str(len(response)) + "\n" +
"Connection: close\n" +
"\n" +
response
)
# Try to read and parse HTTP request
try:
start_time = time.time()
buffer = ''
while True:
buffer += conn.recv(1024)
if buffer.endswith("\r\n\r\n") or start_time + TIMEOUT < time.time():
break
method, url = buffer.split(" ", 2)[0:2]
if url == '/VncViewer.jar':
with open(JAR_FILE, 'r') as file:
send_response(conn, "application/octet-stream", file.read())
else:
response = \
"""<html>
<head>
<title>Remote Desktop</title>
</head>
<body>
<embed type="application/x-java-applet;version=1.6" code="com.tigervnc.vncviewer.VncViewer" archive="VncViewer.jar" width="%d" height="%d"
Port="%d"
Embed="true"
AlwaysShowServerDialog="false"
SecurityTypes="%s"
x509autoaccept="%s"
>
</body>
</html>
"""%(WIDTH, HEIGHT, VNC_PORT, 'X509None' if USE_HTTPS else 'TLSNone', cert.digest('SHA1') if USE_HTTPS else '')
send_response(conn, "text/html", response)
except SSL.Error:
# If SSL failed, it is most probably because the browser is actually trying to do normal HTTP request.
# We have now a partially consumed HTTP request in sock, let's try if we can get Host header out of it
partial_request = sock.recv(8000) # Arbitrary big number, if the request is longer than this, we will just skip the rest.
host = None
match = re.search(r"\r\nHost: ([^\r]+)\r\n", partial_request)
if match:
host = match.group(1)
if host:
# If we got host header, we can redirect nicely with HTTP 301.
send_redirect(sock, "text.html", "<html><body>Use https.</body></html>", "https://" + host)
else:
# If we don't know the host header, redirect using javascript.
send_response(sock, "text.html", "<html><head><script>document.location.protocol = 'https';</script></head><body>Use https.</body></html>")
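Review bot: The TLS context is created with `SSL.Context(SSL.SSLv23_METHOD)` and no options, so the server accepts any protocol version the linked OpenSSL still supports, including SSLv3 and possibly SSLv2. Adding `context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` directly after the context is created restricts it to TLS. In the plain-HTTP fallback, both `send_redirect` and `send_response` are called with the content type `"text.html"`, which should be `"text/html"`. The request loop also keeps calling `conn.recv(1024)` until the timeout when the peer closes early, because an empty read is never treated as end of input.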