* [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) @ 2021-09-22 7:58 igor 2021-09-22 17:55 ` unobe 2021-09-22 18:40 ` unobe 0 siblings, 2 replies; 5+ messages in thread From: igor @ 2021-09-22 7:58 UTC (permalink / raw) To: 9front; +Cc: igor [-- Attachment #1: Type: text/plain, Size: 1275 bytes --] Vnc connections to recent Darwin releases fail as follows: % vncv steve.9lab.home vncv: authentication failure: unknown auth type 0x51e2124 The below inline patch enables connections to recent Darwin versions, tested on MacOS Catalina and Big Sur. The patch is attached as well to ease git/import. While working on a fix I collected some information re: vnc connections to MacOS from 9front here: • https://9lab.org/plan9/vnc/ Finally, here is what a connection looks like after applying the patch: % @{ramfs ; cd /tmp ; hget -o vnc.mp4 https://9lab.org/vid/plan9/vnc.mp4 && treason vnc.mp4} <snip> From: Igor Böhm <igor@9lab.org> Date: Wed, 22 Sep 2021 06:36:54 +0000 Subject: [PATCH] vnc: enable connecting to Darwin Tested on MacOS Catalina and Big Sur releases. --- diff 61f37abf576a02c7f1e3561cfaba3c0457f55c9d de22c9e5d93042f458a1e6c4b7f8ef97c1f68c2a --- a/sys/src/cmd/vnc/auth.c Fri Aug 27 16:13:11 2021 +++ b/sys/src/cmd/vnc/auth.c Wed Sep 22 08:36:54 2021 @@ -33,6 +33,8 @@ v->vers = 37; else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0) v->vers = 38; + else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0) + v->vers = 38; /* Darwin */ else /* RFC6143: Any other should be treated as 3.3. */ v->vers = 33; </snip> Cheers, Igor [-- Attachment #2: cmd.vnc.auth.c.patch --] [-- Type: text/plain, Size: 636 bytes --] From: Igor Böhm <igor@9lab.org> Date: Wed, 22 Sep 2021 06:36:54 +0000 Subject: [PATCH] vnc: enable connecting to Darwin Tested on MacOS Catalina and Big Sur releases. --- diff 61f37abf576a02c7f1e3561cfaba3c0457f55c9d de22c9e5d93042f458a1e6c4b7f8ef97c1f68c2a --- a/sys/src/cmd/vnc/auth.c Fri Aug 27 16:13:11 2021 +++ b/sys/src/cmd/vnc/auth.c Wed Sep 22 08:36:54 2021 @@ -33,6 +33,8 @@ v->vers = 37; else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0) v->vers = 38; + else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0) + v->vers = 38; /* Darwin */ else /* RFC6143: Any other should be treated as 3.3. */ v->vers = 33; ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) 2021-09-22 7:58 [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) igor @ 2021-09-22 17:55 ` unobe 2021-09-22 18:03 ` ori 2021-09-22 18:40 ` unobe 1 sibling, 1 reply; 5+ messages in thread From: unobe @ 2021-09-22 17:55 UTC (permalink / raw) To: 9front [-- Attachment #1: Type: text/plain, Size: 585 bytes --] Quoth igor@9lab.org: > Vnc connections to recent Darwin releases fail as follows: > > % vncv steve.9lab.home > vncv: authentication failure: unknown auth type 0x51e2124 > > The below inline patch enables connections to recent Darwin versions, > tested on MacOS Catalina and Big Sur. The patch is attached as well > to ease git/import. The man page could use an update, too. Other versions have been supported for awhile: see attached. I don't know if it's appropriate to mention in the man page that the connection to OS X cannot be encrypted, so tunneling w/ssh is advised. [-- Attachment #2: Type: text/plain, Size: 250 bytes --] diff 87a823332f9eaa4ff1e72f8524f6e59d1cc4f407 uncommitted --- a/sys/man/1/vnc +++ b/sys/man/1/vnc @@ -205,5 +205,3 @@ does no verification of the TLS certificate presented by the server. .PP -.I Vncv -supports only version 3.3 of the RFB protocol. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) 2021-09-22 17:55 ` unobe @ 2021-09-22 18:03 ` ori 2021-09-25 21:04 ` igor 0 siblings, 1 reply; 5+ messages in thread From: ori @ 2021-09-22 18:03 UTC (permalink / raw) To: 9front Quoth unobe@cpan.org: > > I don't know if it's appropriate to mention in the man page that the > connection to OS X cannot be encrypted, so tunneling w/ssh is advised. It's worth mentioning that vnc auth in general is a joke, and some other mechanism, like sshnet, should be used for encryption. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) 2021-09-22 18:03 ` ori @ 2021-09-25 21:04 ` igor 0 siblings, 0 replies; 5+ messages in thread From: igor @ 2021-09-25 21:04 UTC (permalink / raw) To: 9front; +Cc: ori, igor, unobe [-- Attachment #1: Type: text/plain, Size: 1816 bytes --] Quoth ori@eigenstate.org: > Quoth unobe@cpan.org: […] > > I don't know if it's appropriate to mention in the man page that the > > connection to OS X cannot be encrypted, so tunneling w/ssh is advised. […] > It's worth mentioning that vnc auth in general is > a joke, and some other mechanism, like sshnet, > should be used for encryption. Attached is a patch (git/import) that incorporates the modification to vnc/auth.c enabling connections to Darwin hosts, as well as the suggestions made to improve /sys/man/1/vnc. Here is the inline version: <snip> From: Igor Böhm <igor@9lab.org> Date: Sat, 25 Sep 2021 20:40:47 +0000 Subject: [PATCH] vncv: enable connecting to Darwin hosts Tested on MacOS Catalina and Big Sur releases. Update man page to highlight weak encryption of vnc, recommending to tunnel via ssh (thanks unobe). --- diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43 --- a/sys/man/1/vnc Sat Sep 25 18:57:58 2021 +++ b/sys/man/1/vnc Sat Sep 25 22:40:47 2021 @@ -201,9 +201,12 @@ If the remote frame buffer is larger than the local screen, only the upper left corner can be accessed. .PP +.I Vncs +and +.I vncv +encryption is not secure. It's advisable to tunnel through +ssh or some other secure protocol. +.PP .I Vncv does no verification of the TLS certificate presented by the server. -.PP -.I Vncv -supports only version 3.3 of the RFB protocol. --- a/sys/src/cmd/vnc/auth.c Sat Sep 25 18:57:58 2021 +++ b/sys/src/cmd/vnc/auth.c Sat Sep 25 22:40:47 2021 @@ -33,6 +33,8 @@ v->vers = 37; else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0) v->vers = 38; + else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0) + v->vers = 38; /* Darwin */ else /* RFC6143: Any other should be treated as 3.3. */ v->vers = 33; <snap> Cheers, Igor [-- Attachment #2: vnc.darwin.patch --] [-- Type: text/plain, Size: 1239 bytes --] From: Igor Böhm <igor@9lab.org> Date: Sat, 25 Sep 2021 20:40:47 +0000 Subject: [PATCH] vncv: enable connecting to Darwin hosts Tested on MacOS Catalina and Big Sur releases. Update man page to highlight weak encryption of vnc, recommending to tunnel via ssh (thanks ori, unobe). --- diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43 --- a/sys/man/1/vnc Sat Sep 25 18:57:58 2021 +++ b/sys/man/1/vnc Sat Sep 25 22:40:47 2021 @@ -201,9 +201,12 @@ If the remote frame buffer is larger than the local screen, only the upper left corner can be accessed. .PP +.I Vncs +and +.I vncv +encryption is not secure. It's advisable to tunnel through +ssh or some other secure protocol. +.PP .I Vncv does no verification of the TLS certificate presented by the server. -.PP -.I Vncv -supports only version 3.3 of the RFB protocol. --- a/sys/src/cmd/vnc/auth.c Sat Sep 25 18:57:58 2021 +++ b/sys/src/cmd/vnc/auth.c Sat Sep 25 22:40:47 2021 @@ -33,6 +33,8 @@ v->vers = 37; else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0) v->vers = 38; + else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0) + v->vers = 38; /* Darwin */ else /* RFC6143: Any other should be treated as 3.3. */ v->vers = 33; ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) 2021-09-22 7:58 [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) igor 2021-09-22 17:55 ` unobe @ 2021-09-22 18:40 ` unobe 1 sibling, 0 replies; 5+ messages in thread From: unobe @ 2021-09-22 18:40 UTC (permalink / raw) To: 9front [-- Attachment #1: Type: text/plain, Size: 59 bytes --] See attached man page patch, incorporating input from Ori. [-- Attachment #2: Type: text/plain, Size: 495 bytes --] diff 87a823332f9eaa4ff1e72f8524f6e59d1cc4f407 uncommitted --- a/sys/man/1/vnc +++ b/sys/man/1/vnc @@ -201,9 +201,11 @@ If the remote frame buffer is larger than the local screen, only the upper left corner can be accessed. .PP +.I Vncs +and +.I vncv encryption is not secure. It's advisable to tunnel through +ssh or some other secure protocol. +.PP .I Vncv does no verification of the TLS certificate presented by the server. -.PP -.I Vncv -supports only version 3.3 of the RFB protocol. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-09-25 22:38 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-09-22 7:58 [9front] cmd/vnc: enable connecting to recent Darwin releases (patch) igor 2021-09-22 17:55 ` unobe 2021-09-22 18:03 ` ori 2021-09-25 21:04 ` igor 2021-09-22 18:40 ` unobe
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).