9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] cmd/vnc: enable connecting to recent Darwin releases (patch)
@ 2021-09-22  7:58 igor
  2021-09-22 17:55 ` unobe
  2021-09-22 18:40 ` unobe
  0 siblings, 2 replies; 5+ messages in thread
From: igor @ 2021-09-22  7:58 UTC (permalink / raw)
  To: 9front; +Cc: igor

[-- Attachment #1: Type: text/plain, Size: 1275 bytes --]

Vnc connections to recent Darwin releases fail as follows:

  % vncv steve.9lab.home
  vncv: authentication failure: unknown auth type 0x51e2124

The below inline patch enables connections to recent Darwin versions,
tested on MacOS Catalina and Big Sur.  The patch is attached as well
to ease git/import.

While working on a fix I collected some information re: vnc connections
to MacOS from 9front here:

  • https://9lab.org/plan9/vnc/

Finally, here is what a connection looks like after applying the patch:

  % @{ramfs ; cd /tmp ; hget -o vnc.mp4 https://9lab.org/vid/plan9/vnc.mp4 && treason vnc.mp4}

<snip>
From: Igor Böhm <igor@9lab.org>
Date: Wed, 22 Sep 2021 06:36:54 +0000
Subject: [PATCH] vnc: enable connecting to Darwin

Tested on MacOS Catalina and Big Sur releases.
---
diff 61f37abf576a02c7f1e3561cfaba3c0457f55c9d de22c9e5d93042f458a1e6c4b7f8ef97c1f68c2a
--- a/sys/src/cmd/vnc/auth.c	Fri Aug 27 16:13:11 2021
+++ b/sys/src/cmd/vnc/auth.c	Wed Sep 22 08:36:54 2021
@@ -33,6 +33,8 @@
 		v->vers = 37;
 	else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
 		v->vers = 38;
+	else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0)
+		v->vers = 38;  /* Darwin */
 	else /* RFC6143: Any other should be treated as 3.3. */
 		v->vers = 33;
 
</snip>

Cheers,
Igor

[-- Attachment #2: cmd.vnc.auth.c.patch --]
[-- Type: text/plain, Size: 636 bytes --]

From: Igor Böhm <igor@9lab.org>
Date: Wed, 22 Sep 2021 06:36:54 +0000
Subject: [PATCH] vnc: enable connecting to Darwin


Tested on MacOS Catalina and Big Sur releases.
---
diff 61f37abf576a02c7f1e3561cfaba3c0457f55c9d de22c9e5d93042f458a1e6c4b7f8ef97c1f68c2a
--- a/sys/src/cmd/vnc/auth.c	Fri Aug 27 16:13:11 2021
+++ b/sys/src/cmd/vnc/auth.c	Wed Sep 22 08:36:54 2021
@@ -33,6 +33,8 @@
 		v->vers = 37;
 	else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
 		v->vers = 38;
+	else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0)
+		v->vers = 38;  /* Darwin */
 	else /* RFC6143: Any other should be treated as 3.3. */
 		v->vers = 33;
 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch)
  2021-09-22  7:58 [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) igor
@ 2021-09-22 17:55 ` unobe
  2021-09-22 18:03   ` ori
  2021-09-22 18:40 ` unobe
  1 sibling, 1 reply; 5+ messages in thread
From: unobe @ 2021-09-22 17:55 UTC (permalink / raw)
  To: 9front

[-- Attachment #1: Type: text/plain, Size: 585 bytes --]

Quoth igor@9lab.org:
> Vnc connections to recent Darwin releases fail as follows:
> 
>   % vncv steve.9lab.home
>   vncv: authentication failure: unknown auth type 0x51e2124
> 
> The below inline patch enables connections to recent Darwin versions,
> tested on MacOS Catalina and Big Sur.  The patch is attached as well
> to ease git/import.

The man page could use an update, too.  Other versions have been
supported for awhile: see attached.

I don't know if it's appropriate to mention in the man page that the
connection to OS X cannot be encrypted, so tunneling w/ssh is advised.

[-- Attachment #2: Type: text/plain, Size: 250 bytes --]

diff 87a823332f9eaa4ff1e72f8524f6e59d1cc4f407 uncommitted
--- a/sys/man/1/vnc
+++ b/sys/man/1/vnc
@@ -205,5 +205,3 @@
 does no verification of the TLS certificate presented
 by the server.
 .PP
-.I Vncv
-supports only version 3.3 of the RFB protocol.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch)
  2021-09-22 17:55 ` unobe
@ 2021-09-22 18:03   ` ori
  2021-09-25 21:04     ` igor
  0 siblings, 1 reply; 5+ messages in thread
From: ori @ 2021-09-22 18:03 UTC (permalink / raw)
  To: 9front

Quoth unobe@cpan.org:
> 
> I don't know if it's appropriate to mention in the man page that the
> connection to OS X cannot be encrypted, so tunneling w/ssh is advised.

It's worth mentioning that vnc auth in general is
a joke, and some other mechanism, like sshnet,
should be used for encryption.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch)
  2021-09-22  7:58 [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) igor
  2021-09-22 17:55 ` unobe
@ 2021-09-22 18:40 ` unobe
  1 sibling, 0 replies; 5+ messages in thread
From: unobe @ 2021-09-22 18:40 UTC (permalink / raw)
  To: 9front

[-- Attachment #1: Type: text/plain, Size: 59 bytes --]

See attached man page patch, incorporating input from Ori.

[-- Attachment #2: Type: text/plain, Size: 495 bytes --]

diff 87a823332f9eaa4ff1e72f8524f6e59d1cc4f407 uncommitted
--- a/sys/man/1/vnc
+++ b/sys/man/1/vnc
@@ -201,9 +201,11 @@
 If the remote frame buffer is larger than the local screen,
 only the upper left corner can be accessed.
 .PP
+.I Vncs
+and
+.I vncv encryption is not secure.  It's advisable to tunnel through
+ssh or some other secure protocol.
+.PP
 .I Vncv
 does no verification of the TLS certificate presented
 by the server.
-.PP
-.I Vncv
-supports only version 3.3 of the RFB protocol.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch)
  2021-09-22 18:03   ` ori
@ 2021-09-25 21:04     ` igor
  0 siblings, 0 replies; 5+ messages in thread
From: igor @ 2021-09-25 21:04 UTC (permalink / raw)
  To: 9front; +Cc: ori, igor, unobe

[-- Attachment #1: Type: text/plain, Size: 1816 bytes --]

Quoth ori@eigenstate.org:
> Quoth unobe@cpan.org:
[…]
> > I don't know if it's appropriate to mention in the man page that the
> > connection to OS X cannot be encrypted, so tunneling w/ssh is advised.
[…]
> It's worth mentioning that vnc auth in general is
> a joke, and some other mechanism, like sshnet,
> should be used for encryption.

Attached is a patch (git/import) that incorporates the modification to
vnc/auth.c enabling connections to Darwin hosts, as well as the
suggestions made to improve /sys/man/1/vnc.

Here is the inline version:

<snip>
From: Igor Böhm <igor@9lab.org>
Date: Sat, 25 Sep 2021 20:40:47 +0000
Subject: [PATCH] vncv: enable connecting to Darwin hosts


Tested on MacOS Catalina and Big Sur releases.

Update man page to highlight weak encryption of vnc, recommending to
tunnel via ssh (thanks unobe).

---
diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43
--- a/sys/man/1/vnc	Sat Sep 25 18:57:58 2021
+++ b/sys/man/1/vnc	Sat Sep 25 22:40:47 2021
@@ -201,9 +201,12 @@
 If the remote frame buffer is larger than the local screen,
 only the upper left corner can be accessed.
 .PP
+.I Vncs
+and
+.I vncv
+encryption is not secure.  It's advisable to tunnel through
+ssh or some other secure protocol.
+.PP
 .I Vncv
 does no verification of the TLS certificate presented
 by the server.
-.PP
-.I Vncv
-supports only version 3.3 of the RFB protocol.
--- a/sys/src/cmd/vnc/auth.c	Sat Sep 25 18:57:58 2021
+++ b/sys/src/cmd/vnc/auth.c	Sat Sep 25 22:40:47 2021
@@ -33,6 +33,8 @@
 		v->vers = 37;
 	else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
 		v->vers = 38;
+	else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0)
+		v->vers = 38;  /* Darwin */
 	else /* RFC6143: Any other should be treated as 3.3. */
 		v->vers = 33;
 
<snap>

Cheers,
Igor

[-- Attachment #2: vnc.darwin.patch --]
[-- Type: text/plain, Size: 1239 bytes --]

From: Igor Böhm <igor@9lab.org>
Date: Sat, 25 Sep 2021 20:40:47 +0000
Subject: [PATCH] vncv: enable connecting to Darwin hosts


Tested on MacOS Catalina and Big Sur releases.

Update man page to highlight weak encryption of vnc, recommending to
tunnel via ssh (thanks ori, unobe).

---
diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43
--- a/sys/man/1/vnc	Sat Sep 25 18:57:58 2021
+++ b/sys/man/1/vnc	Sat Sep 25 22:40:47 2021
@@ -201,9 +201,12 @@
 If the remote frame buffer is larger than the local screen,
 only the upper left corner can be accessed.
 .PP
+.I Vncs
+and
+.I vncv
+encryption is not secure.  It's advisable to tunnel through
+ssh or some other secure protocol.
+.PP
 .I Vncv
 does no verification of the TLS certificate presented
 by the server.
-.PP
-.I Vncv
-supports only version 3.3 of the RFB protocol.
--- a/sys/src/cmd/vnc/auth.c	Sat Sep 25 18:57:58 2021
+++ b/sys/src/cmd/vnc/auth.c	Sat Sep 25 22:40:47 2021
@@ -33,6 +33,8 @@
 		v->vers = 37;
 	else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
 		v->vers = 38;
+	else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0)
+		v->vers = 38;  /* Darwin */
 	else /* RFC6143: Any other should be treated as 3.3. */
 		v->vers = 33;
 

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-09-25 22:38 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-22  7:58 [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) igor
2021-09-22 17:55 ` unobe
2021-09-22 18:03   ` ori
2021-09-25 21:04     ` igor
2021-09-22 18:40 ` unobe

9front - general discussion about 9front

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.vuxu.org/9front

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 9front 9front/ https://inbox.vuxu.org/9front \
		9front@9front.org
	public-inbox-index 9front

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.9front


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git