From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f47.google.com ([209.85.128.47]) by ewsd; Sun Sep 27 11:47:13 EDT 2020 Received: by mail-wm1-f47.google.com with SMTP id x23so3941349wmi.3 for <9front@9front.org>; Sun, 27 Sep 2020 08:47:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dQrPtu3+xkgejVrGYmZQS+9FvmoJbLWtx8FSFDXAd8Y=; b=hmzXRTW9uYrDxoqGh9f50FXB3hpgRS23OMmIemGhd/3zBiINVdIMLlIk1LdJXBmaeI m+ecHgQkl3Y2CuzHTQHVrZPF9s74Yt+nOH5K+HR6hCGBpJO31QIQ8kcUITUrkoYQLGdY /s08UCTlJMQV1iEkXdlmyrwsB0qTS58VDVqOhZZcxoKIMXlChg3nGLomcgYtksVZDRMR XQ7SvgZMP4tahLMKiqIKhh0/O9bY8Aw1qObx3hx8iUwZEuiCWYEJgOoOO8tWH1jgj9Ik 9k6c/1k6SMoUK6gIDni0PGxPr6Nw3qqUEOpy8M3EfwfcUzyL1AQjkeUJ6Jo2KFextIGk ZREg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dQrPtu3+xkgejVrGYmZQS+9FvmoJbLWtx8FSFDXAd8Y=; b=XsuhceN66CdNY7aszRiJ31uB9BgU624o7mKPWsXcmd0OUyIy0bR38xeSebdhATN9yU W7IzBHSJrHRN0651PVBHONGk8L14iYXwA+7BO4m6/k+zHDLWcoEUCaMcJJYdGzfkgZZC JXwUAfBIXa65uev4vj5+JCakJehRatVUe3Gs45Hz6BEeSjPCLvKizKxDaGcS4sOf2MZ5 27x9wRk+7uEFVGy3s5GNNIP1YCmwgTrFpkcfSEbw6oRlktvpYIJBHYkaRtv+vfWb7Pmi SFxv++pWf7OkuQ7qslWG65JxuvP8EjoBEPv3tKm7mChGDHtyiFoYJAKmTbvs2t2bDRLF Rsnw== X-Gm-Message-State: AOAM532/Zq6Vw97MjMXcXWQ0OmvWIdBiS/EScjMIAU/SMm/7BCCxSMHH rxXpKXdXV8WAvKiJdpz21PibFzwe1MzGp5FOB7Xqlz5B2UA= X-Google-Smtp-Source: ABdhPJzjw/yAheemoI/E9WjGU1hbRAzJ9E+jTIYb11L+/tjzAWmhCsrag/BVwyHPTTAMnD22Vlq5jCmuxE0n85HBqWY= X-Received: by 2002:a1c:2042:: with SMTP id g63mr7306376wmg.174.1601221623529; Sun, 27 Sep 2020 08:47:03 -0700 (PDT) MIME-Version: 1.0 References: <8917ba98-ba07-096f-eaed-3fa98f4c001c@gmail.com> In-Reply-To: From: =?UTF-8?Q?Iruat=C3=A3_Souza?= Date: Sun, 27 Sep 2020 19:12:24 +0200 Message-ID: Subject: Re: [9front] vncv(1): support for RFB 3.8 To: ori@eigenstate.org Cc: 9front@9front.org Content-Type: multipart/mixed; boundary="00000000000013e1c805b04d764e" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: immutable lossless method-based factory metadata --00000000000013e1c805b04d764e Content-Type: text/plain; charset="UTF-8" On Sat, Sep 26, 2020 at 9:58 PM wrote: > > > On 23/09/2020 01:25, ori@eigenstate.org wrote: > >> > Hi, > >> > > >> > The following patch adds support for RFB 3.8 in vncv(1). > >> > It has been tested by connecting to a screen shared by gnome3 on > >> > linux. Please let me know if it introduces any regressions. > >> > >> Can you re-generate the patch and either add it as an attachment > >> or send it through something other than gmail's web interface? > >> > >> gmail mangles patches, wrappigng them and replacing tabs with > >> spaces. > >> > > here it goes > > First off -- gross, newer versions let the client downgrade > security. This is the opposite of what should be happening. > But that's what the RFC says, so I guess we go with it. > > Ok with it in the client, but let's never implement it in the > server. > > That said: Looking at the RFC, there are 3 versions of > the protocol that should not be treated as 3.3: > > > Any version reported other than 3.7 or 3.8 should be treated as 3.3. > > Accordingly, we should probably recognize and error on 3.7 here, since > we don't implement it. > > + if(strncmp(msg, "RFB 003.", 8) != 0) { > werrstr("bad rfb version \"%s\"", msg); > return -1; > } > > Something like: > > if(strncmp(msg, "RFB 003.", 8) != 0 > || strncmp(msg, "RFB 003.007", VerLen) == 0) > werrstr("bad rfb version \"%s\"", msg); > return -1; > } > Thanks for the review, Ori! And thanks for testing, kvik! A new patch is attached and handling of version 3.7 has been addressed. > The zero types case also looks like it could be improved too: > The RFC says: > > > If number-of-security-types is zero, then for some reason the > connection failed (e.g., the server cannot support the desired > protocol version). This is followed by a string describing the > reason (where a string is specified as a length followed by that many > ASCII characters): > > +---------------+--------------+---------------+ > | No. of bytes | Type [Value] | Description | > +---------------+--------------+---------------+ > | 4 | U32 | reason-length | > | reason-length | U8 array | reason-string | > +---------------+--------------+---------------+ > > The server closes the connection after sending the reason-string. > > It'd be nice to show the server message to the user, it'd help > with debugging (maybe). Something like: > > > char *err; > ntypes = vncrdchar(v); > if (ntypes == 0) { > err = vncrdstring(v); > werrstr("auth error: %s", s); > free(err); > return AFailed; > } > This case was already addressed in the first patch, so I didn't change anything in that respect. sectype38 returns AFailed, so vncauth will read the reason string and present it to the user. > I don't have a vnc 3.8 server set up right now for testing, so if > you want to look over the proposed changes and test, that'd be > great. > > Thanks for the patch! > Everything works as expected in my setup. --00000000000013e1c805b04d764e Content-Type: text/x-patch; charset="US-ASCII"; name="9front-vncv38.diff" Content-Disposition: attachment; filename="9front-vncv38.diff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_kfld25r60 ZGlmZiAtciAxOWJhYTU2MDBhOTAgc3lzL3NyYy9jbWQvdm5jL2F1dGguYwotLS0gYS9zeXMvc3Jj L2NtZC92bmMvYXV0aC5jCU1vbiBBcHIgMDYgMDE6MzE6MzUgMjAyMCArMDIwMAorKysgYi9zeXMv c3JjL2NtZC92bmMvYXV0aC5jCVN1biBTZXAgMjcgMTc6Mzg6MDEgMjAyMCArMDIwMApAQCAtOSwx NCArOSwxNiBAQAogCVZlckxlbgk9IDEyCiB9OwogCi1zdGF0aWMgY2hhciB2ZXJzaW9uW1Zlckxl bisxXSA9ICJSRkIgMDAzLjAwM1xuIjsKK3N0YXRpYyBjaGFyIHZlcnNpb24zM1tWZXJMZW4rMV0g PSAiUkZCIDAwMy4wMDNcbiI7CitzdGF0aWMgY2hhciB2ZXJzaW9uMzhbVmVyTGVuKzFdID0gIlJG QiAwMDMuMDA4XG4iOworc3RhdGljIGludCBzcnZ2ZXJzaW9uOwogCiBpbnQKIHZuY3NydmhhbmRz aGFrZShWbmMgKnYpCiB7CiAJY2hhciBtc2dbVmVyTGVuKzFdOwogCi0Jc3RyZWNweShtc2csIG1z ZytzaXplb2YgbXNnLCB2ZXJzaW9uKTsKKwlzdHJlY3B5KG1zZywgbXNnK3NpemVvZiBtc2csIHZl cnNpb24zMyk7CiAJaWYodmVyYm9zZSkKIAkJZnByaW50KDIsICJzZXJ2ZXIgdmVyc2lvbjogJXNc biIsIG1zZyk7CiAJdm5jd3JieXRlcyh2LCBtc2csIFZlckxlbik7CkBAIC0zNSwxOCArMzcsNTIg QEAKIAogCW1zZ1tWZXJMZW5dID0gMDsKIAl2bmNyZGJ5dGVzKHYsIG1zZywgVmVyTGVuKTsKLQlp ZihzdHJuY21wKG1zZywgIlJGQiAiLCA0KSAhPSAwKXsKKwlpZihzdHJuY21wKG1zZywgIlJGQiAw MDMuIiwgOCkgIT0gMCB8fAorCSAgIHN0cm5jbXAobXNnLCAiUkZCIDAwMy4wMDdcbiIsIFZlckxl bikgPT0gMCl7CiAJCXdlcnJzdHIoImJhZCByZmIgdmVyc2lvbiBcIiVzXCIiLCBtc2cpOwogCQly ZXR1cm4gLTE7CiAJfQorCWlmKHN0cm5jbXAobXNnLCAiUkZCIDAwMy4wMDhcbiIsIFZlckxlbikg PT0gMCkKKwkJc3J2dmVyc2lvbiA9IDM4OworCWVsc2UKKwkJc3J2dmVyc2lvbiA9IDMzOworCiAJ aWYodmVyYm9zZSkKIAkJZnByaW50KDIsICJzZXJ2ZXIgdmVyc2lvbjogJXNcbiIsIG1zZyk7Ci0J c3RyY3B5KG1zZywgdmVyc2lvbik7CisJc3RyY3B5KG1zZywgdmVyc2lvbjM4KTsKIAl2bmN3cmJ5 dGVzKHYsIG1zZywgVmVyTGVuKTsKIAl2bmNmbHVzaCh2KTsKIAlyZXR1cm4gMDsKIH0KIAordWxv bmcKK3NlY3R5cGUzOChWbmMgKnYpCit7CisJdWxvbmcgYXV0aCwgdHlwZTsKKwlpbnQgaSwgbnR5 cGVzOworCisJbnR5cGVzID0gdm5jcmRjaGFyKHYpOworCWlmKG50eXBlcyA9PSAwKXsKKwkJd2Vy cnN0cigibm8gc2VjdXJpdHkgdHlwZXMgZnJvbSBzZXJ2ZXIiKTsKKwkJcmV0dXJuIEFGYWlsZWQ7 CisJfQorCisJLyogY2hvb3NlIHRoZSAibW9zdCBzZWN1cmUiIHNlY3VyaXR5IHR5cGUgKi8KKwlh dXRoID0gQUZhaWxlZDsKKwlmb3IoaSA9IDA7IGkgPCBudHlwZXM7IGkrKyl7CisJCXR5cGUgPSB2 bmNyZGNoYXIodik7CisJCWlmKHZlcmJvc2UpeworCQkJZnByaW50KDIsICJhdXRoIHR5cGUgJXNc biIsCisJCQkJdHlwZSA9PSBBRmFpbGVkID8gIkludmFsaWQiIDoKKwkJCQl0eXBlID09IEFOb0F1 dGggPyAiTm9uZSIgOgorCQkJCXR5cGUgPT0gQVZuY0F1dGggPyAiVk5DIiA6ICJVbmtub3duIik7 CisJCX0KKwkJaWYodHlwZSA+IGF1dGgpCisJCQlhdXRoID0gdHlwZTsKKwl9CisJcmV0dXJuIGF1 dGg7Cit9CisKIGludAogdm5jYXV0aChWbmMgKnYsIGNoYXIgKmtleXBhdHRlcm4pCiB7CkBAIC01 Niw3ICs5Miw5IEBACiAKIAlpZihrZXlwYXR0ZXJuID09IG5pbCkKIAkJa2V5cGF0dGVybiA9ICIi OwotCWF1dGggPSB2bmNyZGxvbmcodik7CisKKwlhdXRoID0gc3J2dmVyc2lvbiA9PSAzOCA/IHNl Y3R5cGUzOCh2KSA6IHZuY3JkbG9uZyh2KTsKKwogCXN3aXRjaChhdXRoKXsKIAlkZWZhdWx0Ogog CQl3ZXJyc3RyKCJ1bmtub3duIGF1dGggdHlwZSAweCVsdXgiLCBhdXRoKTsKQEAgLTY1LDYgKzEw Myw3IEBACiAJCXJldHVybiAtMTsKIAogCWNhc2UgQUZhaWxlZDoKKwlmYWlsZWQ6CiAJCXJlYXNv biA9IHZuY3Jkc3RyaW5nKHYpOwogCQl3ZXJyc3RyKCIlcyIsIHJlYXNvbik7CiAJCWlmKHZlcmJv c2UpCkBAIC03MiwxMSArMTExLDIwIEBACiAJCXJldHVybiAtMTsKIAogCWNhc2UgQU5vQXV0aDoK KwkJaWYoc3J2dmVyc2lvbiA9PSAzOCl7CisJCQl2bmN3cmNoYXIodiwgYXV0aCk7CisJCQl2bmNm bHVzaCh2KTsKKwkJfQogCQlpZih2ZXJib3NlKQogCQkJZnByaW50KDIsICJubyBhdXRoIG5lZWRl ZFxuIik7CiAJCWJyZWFrOwogCiAJY2FzZSBBVm5jQXV0aDoKKwkJaWYoc3J2dmVyc2lvbiA9PSAz OCl7CisJCQl2bmN3cmNoYXIodiwgYXV0aCk7CisJCQl2bmNmbHVzaCh2KTsKKwkJfQorCiAJCXZu Y3JkYnl0ZXModiwgY2hhbCwgVm5jQ2hhbExlbik7CiAJCWlmKGF1dGhfcmVzcG9uZChjaGFsLCBW bmNDaGFsTGVuLCBuaWwsIDAsIGNoYWwsIFZuY0NoYWxMZW4sIGF1dGhfZ2V0a2V5LAogCQkJInBy b3RvPXZuYyByb2xlPWNsaWVudCBzZXJ2ZXI9JXMgJXMiLCBzZXJ2ZXJhZGRyLCBrZXlwYXR0ZXJu KSAhPSBWbmNDaGFsTGVuKXsKQEAgLTg0LDEzICsxMzIsMjAgQEAKIAkJfQogCQl2bmN3cmJ5dGVz KHYsIGNoYWwsIFZuY0NoYWxMZW4pOwogCQl2bmNmbHVzaCh2KTsKKwkJYnJlYWs7CisJfQogCi0J CWF1dGggPSB2bmNyZGxvbmcodik7CisJLyogaW4gdmVyc2lvbiAzLjggdGhlIGF1dGggc3RhdHVz IGlzIGFsd2F5cyBzZW50LCBpbiAzLjMgb25seSBpbiBBVm5jQXV0aCAqLworCWlmKHNydnZlcnNp b24gPT0gMzggfHwgYXV0aCA9PSBBVm5jQXV0aCl7CisJCWF1dGggPSB2bmNyZGxvbmcodik7IC8q IGF1dGggc3RhdHVzICovCiAJCXN3aXRjaChhdXRoKXsKIAkJZGVmYXVsdDoKIAkJCXdlcnJzdHIo InVua25vd24gc2VydmVyIHJlc3BvbnNlIDB4JWx1eCIsIGF1dGgpOwogCQkJcmV0dXJuIC0xOwog CQljYXNlIFZuY0F1dGhGYWlsZWQ6CisJCQlpZiAoc3J2dmVyc2lvbiA9PSAzOCkKKwkJCQlnb3Rv IGZhaWxlZDsKKwogCQkJd2VycnN0cigic2VydmVyIHNheXMgYXV0aGVudGljYXRpb24gZmFpbGVk Iik7CiAJCQlyZXR1cm4gLTE7CiAJCWNhc2UgVm5jQXV0aFRvb01hbnk6CkBAIC05OSw3ICsxNTQs NiBAQAogCQljYXNlIFZuY0F1dGhPSzoKIAkJCWJyZWFrOwogCQl9Ci0JCWJyZWFrOwogCX0KIAly ZXR1cm4gMDsKIH0K --00000000000013e1c805b04d764e--